Cyber Incident Victim: Netlog.com
Date:
Dec 2020
Location:
United States of America
Summary
Netlog.com (Twoo.com) was among 26 companies whose stolen user records were marketed by a data breach broker on a hacker forum, with 53 million records from the social networking platform listed for sale. The incident formed part of a larger aggregated dataset totaling 368.8 million compromised accounts being offered by the broker. The breach had been previously disclosed, indicating prior public awareness of the compromise. The broker's activities involved pricing and distributing databases from multiple organizations, though specific details regarding the exploitation or confirmed misuse of Netlog's data were not elaborated in available reports.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In December 2020, a data breach broker advertised the sale of 368.8 million allegedly stolen user records from 26 companies on a hacker forum, with Netlog.com (operating as Twoo.com) listed among the affected entities. The broker’s post, discovered by BleepingComputer, included 53 million user records attributed to Netlog.com, which was categorized as a previously disclosed breach based on prior reporting. This incident formed part of a broader pattern where threat actors collaborated with brokers to monetize stolen data through dark web marketplaces. The Netlog.com breach had been referenced in earlier coverage of a separate hacker selling 550 million records, though no additional technical details about the Netlog compromise—such as intrusion methods, data exfiltration timelines, or specific data types—were provided in this article. The broker did not disclose pricing for the Netlog database, unlike other datasets like Teespring.com ($3,800–$4,000) or MyON.com ($2,800).
BleepingComputer’s investigation confirmed that eight of the 26 breaches were newly disclosed, but Netlog.com was not among them, indicating its compromise predated this broker’s activity. The article did not include statements from Netlog.com regarding the incident, nor did it describe any mitigation efforts or forensic findings specific to the company. However, responses from other affected organizations varied: MyON acknowledged a breach but claimed no exposure of sensitive student data, while Chqbook.com denied being compromised entirely. Teespring had issued a concealed breach notification in June 2020 but avoided further engagement with researchers. For Netlog.com users, the primary confirmed impact was the exposure of 53 million records, with historical precedents suggesting such datasets could fuel credential-stuffing attacks or phishing campaigns. BleepingComputer advised users of all affected platforms to reset passwords, though no Netlog-specific malicious activity was cited in the report.