Fax Express leaked database noted by New Jersey
Seen on NJCCIC, a summary of a breach noted by them on December 10:
A hacked database belonging to Fax Express, an office equipment supply store based in Ocean County, NJ was exposed, revealing approximately 560,000 compromised usernames and dehashed passwords. The breached database is connected to the domain shredderstoo[.]com and is assessed to be owned by Fax Express. The leaked data was subsequently found advertised on hacker forums shortly after Cit0Day – a hacker website that provides paying patrons access to a vast collection of compromised credentials – itself appeared to have been hacked. This database is one of 23,000 found in the Cit0Day collection, which housed over 13 billion user records. Though the compromised data associated with Fax Express’ database is not particularly sensitive, it can be used by threat actors in various attacks and may be leveraged across multiple accounts if the passwords are reused. This may put several organizations across NJ at risk, as most patrons of Fax Express are likely business owners or those that purchase office equipment for their organization.