Q2 2024: Product Updates and Highlights

July 18, 2024

Read on for highlights from DarkOwl’s Product Team for Q2, including exciting new product features.

User Activity + User Profile

The team launched a new User Settings section, which includes user profile management and an Activity page. The Activity page will display information about a user’s individual work in Vision UI, which for now includes Searches, Saved Searches, and Search Blocks. 

Figure 1: Example of User Activity Screen

The DarkOwl Lexicon continues to grow, and this quarter it more than doubled the number of entries. In addition to Forums, Markets, and Ransomware Sites, we added two new sections: Chans and Paste Sites. DarkOwl Vision’s Lexicon is an easy-to-use tool intended to help you find interesting content from hacking forums, marketplaces, and other darknet sites. You can make suggestions for sites you’d like us to add here.

  • The team added several new actors into the Actor Explore dataset, taking the number of actors in our dataset to 315. Some of the new actor profiles include USDoD, Dmitry Yuryevich KHOROSHEV, and IntelBroker. Entries such as ShinyHunters and Scattered Spider have been updated based on these actors’ recent activity. 
  • We enabled search by CVE or Industry on the main landing page and made it easy to copy contact or entity information from an actor dossier. Enabling search by CVE or industry makes it easier to find and compare actors of interest.
Figure 2: Selecting an item from the Industries screen
  • We launched the first set of our in-app Onboarding Guides in our Vision UI assistant! These self-paced tours are great for new users of the platform, or for those who need a refresher and review of new features. 
  • Analyst-friendly Search Result features: We’ve added additional pivoting from search result metadata, as well as a “copy defanged URL” option to quickly add sanitized URLs to reports.  
  • Our Feed system has been updated to make all of the forum features – and other newer fields – available in our feeds.

Highlights

This quarter was another one of growth in data collection. The team had 32% growth quarter over quarter in ZeroNet documents, 17% growth in records from Telegram and nearly 300 Telegram channels, and 5% growth in paste documents, just to highlight a few. 

When your search results are from data leaks, you can review additional information curated by DarkOwl analysts that enriches the data leak. The descriptions below are all available in our Leak Context product feature.

Shell

Data purported to be from Shell was posted on BreachForums, a hacking forum, on May 28, 2024. According to the post, this breach affected the following countries: Australia, Canada, France, India, Malaysia, Netherlands, Philippines, Singapore and United Kingdom. Data exposed includes customer shopper code, full names, mobile numbers, email addresses, physical addresses and payment site details. Analyst Note: According to the original post, the leak contains 80 thousand rows of data and occurred in May 2024. 

The Post Millennial

Data purported to be from The Post Millennial was posted on Internet Archive, a digital library, on May 3, 2024. According to the post, the leak contains copies of the users.json and editors.json files from thepostmillennial.com. The page title is indicative of the files originally being released by “Angelina Ngo.” Data exposed includes names, usernames, passwords, email addresses, password hints, phone numbers, genders, and physical addresses. Analyst Note: Research in DarkOwl Vision indicates the leak was reposted on BreachForums. According to that post, the website was hacked by an individual claiming to be “Angelina (Andy) Ngo” and the leak includes a mailing list containing over 39 thousand rows of user data. A copy of the defacement message is included, which indicates the motive of the attack against the conservative publication is in support of the LGBTQ community. 

Okta

Data purported to be from Okta was posted on BreachForums, a hacking forum, on March 9, 2024. According to the post, the breach occurred in September 2023, and exposed data on 3.8 thousand customer support users. Data exposed includes user ID numbers, usernames, full names, company names, physical addresses, phone numbers, mobile numbers, email addresses. Analyst Note: According to the original post, the threat actor Ddarknotevil shared the breach on behalf of IntelBroker (Cyber Niggers). Analyst Note 2: A high level review of the data indicates that account details such as account status, last login, notes, and role groups were also leaked. 


Curious how these features can make your job easier? Get in touch!
