Source code refers to the list of human-readable instructions, which is run through a compiler to turn it into machine code that a computer can understand and execute. Source code leaks are usually caused by misconfiguration of software like CVS or FTP which allow people to get source files through exploits, software bugs, or employees that have access to the sources or part of them revealing the code in order to harm the company.
Recently, Cyble Research Unit (CRU) identified a credible threat actor who claims to be in possession of the source code of CengageNow ILRN application. CengageNOW is Cengage Learning’s eminent online learning system. Cengage is an educational content, technology, and services company for the higher education, K-12, professional, and library markets which has been operating in more than 20 countries around the world. Their ILRN application is a well-known digital solution for college students to grasp foreign languages—Spanish, French, Italian, German, Chinese, and Japanese.
During our research process, the Cyble Research Team got hold of some sensitive information related to this leak-:
- The threat actor seems to be selling the source code of the ILRN application at 1000 USD approximately.
- The source code leaks seem to be including all the programming configuration files and resources of the ILRN application.
Cyble has been reporting these types of breaches to aware individuals of the risks associated with using online services.
We recommend people to:
- Never share personal information, including financial information over the phone, email or SMSs
- Use strong passwords and enforce multi-factor authentication where possible
- Regularly monitor your financial transaction, if you notice any suspicious transaction, contact your bank immediately.
- Turn-on automatic software update feature on your computer, mobile and other connected devices where possible and pragmatic
- Use a reputed anti-virus and internet security software package on your connected devices including PC, Laptop, Mobile
- People who are concerned about their exposure in darkweb can register at AmiBreached.com to ascertain their exposure.
Cyble is an Atlanta, US-based, global premium cyber-security firm with tools and capabilities to provide near real-time cyber threat intelligence.
Cyble Inc.’s mission is to provide organizations with a real-time view of their supply chain cyber threats and risks. Their SaaS-based solution powered by machine learning and human analysis provides organizations’ insights to cyber threats introduced by suppliers and enables them to respond to them faster and more efficiently.
This monitoring and notification platform give the average consumer insights into their personal cybersecurity issues, allowing them to take action then as needed. It has recently earned accolades from Forbes as being the top 20 cyber-security companies to watch in 2020.