About a month and a half ago, we put out a blog post updating you on TheDarkOverlord, an individual or group of individuals that is a known cyber threat actor and continues to grow in notoriety.
If you'll recall, back in May TheDarkOverlord was busy targeting Netflix by pre-releasing the latest in a popular series, Orange is the New Black. They infamously touted the hack on Twitter - which was where they released the breached Netflix series - subsequently following up with a series of tweets indicating that more unorthodox breaches were to come.
Then, last week, TheDarkOverlord resurfaced on the Twitter to announce "another round" of cyber breaches, this time targeting Hollywood.
As promised, shortly after tweeting the above, TheDarkOverlord announced their "Hollywood" target:
Doughtery Laser Vision "offers the latest vision correction technology including LASIK" to patients in the greater Los Angeles, CA area. TheDarkOverlord is releasing the personally identifiable information (PII) of "celebrity" patients, so far eight in total, one by one on twitter (@tdohack3r).
Note: We do not condone the exposure of information and will thus not be sharing it here directly.
UPDATE: TheDarkOverlord's twitter account, which was used to dox celebrity patients by publicizing their personal medical information, has been shut down by Twitter.
- Credit card information
- Social security or other national identity numbers
- Addresses or locations that are considered and treated as private
- Non-public, personal phone numbers
- Non-public, personal email addresses
- Images or videos that are considered and treated as private under applicable laws
- Intimate photos or videos that were taken or distributed without the subject's consent
In this case, TheDarkOverlord made public a database of medical information of "celebrities," presumably without their consent.
The dangers posed by having one's PII "doxed"- or made public - range from the intangible, such as feelings of emotional violation or embarrassment, to the very real and consequential. A recent study done by the FCC found that when they put (fake) personally identifiable information on the internet, cyber criminals attempted to exploit that information to steal the individuals' identity within 9 minutes of it being posted.
Our team will continue to monitor the activities of TheDarkOverlord.
Curious about something you've read on our blog? Want to learn more? Please reach out. We're more than happy to have a conversation.