Cyber Incident Victim: GrenXPaRTa

On December 21, 2015, an individual or group using the identifier GrenXPaRTa publicly disclosed a security breach affecting the website Befriending.co.uk. The attacker claimed unauthorized access to the site's user database, extracting 7,379 account records containing email addresses, usernames, and associated passwords. GrenXPaRTa published this information on a blog post hosted at grenxparta.blogspot.co.id, explicitly listing the compromised credentials and providing a direct link to the victim domain. The disclosure included instructions for affected users to change their passwords immediately and contact the attacker, though no motive for the breach or subsequent communication was specified in the public statement. No technical details regarding the exploitation method, such as vulnerabilities leveraged or duration of system access, were provided in the announcement.

The data exposure created immediate risks of credential stuffing attacks, account takeovers, and identity theft for Befriending.co.uk users whose credentials were compromised. GrenXPaRTa’s publication of the full dataset enabled third parties to access and potentially misuse the stolen credentials. The attacker’s directive for victims to change passwords constituted an acknowledgment of the breach’s severity while simultaneously establishing direct contact channels between victims and the threat actor. No information was disclosed regarding Befriending.co.uk’s detection of the intrusion, containment measures, or post-incident notifications to users. The permanent availability of the leaked data through GrenXPaRTa’s blog post and potential archival services created persistent exposure risks for affected individuals beyond the initial disclosure date.