Illustration: JMiks | Shutterstock
The hacking group FunkSec has claimed responsibility for an alleged cyberattack on QuizTarget, an online platform popular for its interactive quiz and survey solutions. The hackers allege they have infiltrated 6 GB of sensitive data, potentially impacting millions of users.
According to FunkSec, the stolen data includes a trove of personal and financial information, including full names, payment details, email accounts and passwords, user IDs and ages, source code of the platform, phone numbers, account transactions, secret hashes and cookies, and social media identifiers.
If the claims are verified, this could be a significant data breach, compromising user privacy and the core intellectual property of QuizTarget.
FunkSec has reportedly issued a $1,000,000 ransom demand, payable before January 1, 2025. The group has not disclosed the consequences of non-payment but, based on precedents, could involve either public disclosure or sale of the stolen data on the dark web marketplace.
“We will not share any data with pay but, all data will be public after time ends,” FunkSec wrote.
QuizTarget has yet to respond publicly to the claims or confirm the breach. Experts speculate that the platform’s vulnerability could stem from inadequate security measures or an exploited zero-day vulnerability.
FunkSec is expanding to various sectors, including media, IT, retail, education, automotive, professional services, and NGOs in the United States, Tunisia, India, France, Thailand, Peru, Jordan, and the United Arab Emirates.
The threat actors emerged in September 2024, and their main motivation was financial gain through victim extortion.
We contacted QuizTarget for a comment but have not received a response yet.
India is facing a constant barrage of cyber attacks. As per a report by the Data Security Council of India, the country suffered 369 million cyber-attacks across 8.44 million devices. This accounts for about 702 cyber threats per minute.
In November 2024, the Earth Kasha group was found to be targeting Japan, Taiwan, and India.
In the News: Multi-stage Java RAT campaign exploits Cleo software flaws