An individual who earlier this week was selling 620 million user records stolen from 16 companies has now put up a second batch of hacked data totaling 127 million, originating from eight companies.
The data is currently being sold on Dream Market, a dark web marketplace where crooks sell an assortment of illegal products, such as user data, drugs, weapons, malware, and others.
The individual selling the data goes by the name of Gnosticplayers, and it’s currently unclear if they’re the one/ones who hacked the 24 companies, or just a third-party who purchased the data from the real hacker and is now re-selling it for a bigger profit.
According to tech news site TechCrunch, who first reported this new batch of hacked accounts going for sale on Dream Market, Gnosticplayers is asking for roughly four bitcoin, which is about $14,500 in fiat currency. Prices vary depending on the quality of the user data and the difficulty in cracking password hashes.
This second batch of hacked accounts includes data from the following companies:
Ge.tt (file sharing service) – 1.83 million accounts – 0.16 bitcoinIxigo (travel and hotel booking) – 18 million accounts – 0.262 bitcoinRoll20.net (gaming) – 4 million accounts – 0.0582 bitcoinHouzz (interior design) – 57 million accounts – 2.91 bitcoinCoinmama (cryptocurrency exchange) – 420,000 accounts – 0.3497 bitcoinYounow (live streaming) – 40 million accounts – 0.131 bitcoinStrongHoldKingdoms (gaming) – 5 million accounts – 0.291 bitcoinPetflow (pet food delivery) – 1 million – 0.1777 bitcoin
Image: ZDNet
Of the companies listed above, Houzz had already come clean about its data breach last week. The other seven companies did not publicly reveal any security breaches before the publication of today’s ads.
This new batch of stolen databases comes after earlier this week, the same Dream Market user was selling the following user databases from 16 other companies:
Dubsmash – 162 millionMyFitnessPal – 151 millionMyHeritage – 92 millionShareThis – 41 millionHauteLook – 28 millionAnimoto – 25 millionEyeEm – 22 million8fit – 20 millionWhitepages – 18 millionFotolog – 16 million500px – 15 millionArmor Games – 11 millionBookMate – 8 millionCoffeeMeetsBagel – 6 millionArtsy – 1 millionDataCamp – 700,000
Animoto, MyFitnessPal and MyHeritage previously disclosed breaches last year. DataCamp, 500px, and CoffeeMeetsBagel confirmed this week that they’ve been breached as well, giving credence to the seller’s boast that this is real data and not just a scam.
These 16 databases are no longer available for sale now. Gnosticplayers said he took them down after buyers complained that a prolonged sale would eventually lead to some of these databases leaking online, and becoming available to everyone.
More updates to follow as we’re still looking at the data.
More data breach coverage:
Chinese company leaves Muslim-tracking facial recognition database exposed onlineHackers wipe US servers of email provider VFEmailDunkin’ Donuts accounts compromised in 2nd credential stuffing attack in 3 monthsChina hacked Norway’s Visma cloud software provider
Online casino group leaks information on 108 million bets, including user detailsAirbus data breach impacts employees in EuropeMassive breach leaks 773 million email addresses, 21 million passwords CNET
Hackers turn to data theft and resale on the Dark Web for higher payouts TechRepublic
Related Topics:
Security TV
Data Management
CXO
Data Centers