620m stolen accounts for sale on the dark web


The Register has revealed that 620m online account details stolen from 16 hacked websites are now available for sale on the dark web.

The hacker selling the data trove told the website that the details are available for sale on the Dream Market forum, located in the Tor network, for less than $20,000 in Bitcoin.

Data was collected from popular websites including: Dubsmash (162m), MyFitnessPal (151m), MyHeritage (92m), ShareThis (41m), HauteLook (28m), Animoto (25m), EyeEm (22m), 8fit (20m), Whitepages (18m), Fotolog (16m), 500px (15m), Armor Games (11m), BookMate (8m), CoffeeMeetsBagel (6m), Artsy (1m), and DataCamp (700,000).

Reporters at The Register have examined the account records from the multi-gigabyte database and concluded that they appear to be legit.

Hashed passwords

According to the report, most of the data consists of account holder names, email addresses, and passwords. However, the report states that the passwords are hashed, or in other words one-way encrypted, which means that they need to be “cracked” before they can be used.

Other personal information may have also been exposed, including location, personal details, and social media authentication tokens. However, no bank information appears to be on the list.

Some of these breaches were already known about, but if a hacker is able to crack some of the passwords, that information could be used to target users of the hacked websites.

“All of the databases are right now being touted separately by one hacker, who says he or she typically exploited security vulnerabilities within web apps to gain remote-code execution and then extract user account data,” according to The Register. “The records were swiped mostly during 2018, we’re told, and went on sale this week.”

One buyer

The seller, who is believed to be based somewhere outside the US, told the tech website that the Dubsmash data has been purchased by at least one person.

The trove seller also told the website that they have “swiped roughly a billion accounts from servers” since 2012 when the hacking started.

“I don’t think I am deeply evil,” the miscreant told the website. “I need the money. I need the leaks to be disclosed.

“Security is just an illusion. I started hacking a long time ago. I’m just a tool used by the system. We all know measures are taken to prevent cyber-attacks, but with these upcoming dumps, I’ll make hacking easier than ever.”

Initiate “forensic procedure”

Ilia Kolochenko, CEO of High-Tech Bridge, commented on the breach, saying: “Without further verification, it rather looks like a secondary offering of breached databases on the black market.

“The first, thus exclusive and the most expensive sale, usually takes place in confidence and without notice to the breached party. Once multiple databases are grouped to be publicly offered, they are likely sold not for the first time.

“The biggest risk of targeted individual attacks against the victims, however, is probably already in the past: now the buyers will likely conduct large-scale phishing and malware campaigns without a high degree of sophistication. Nonetheless, the victims may still face password re-use attacks and therefore should be particularly cautious within the next few months.

“Those websites that haven’t yet discovered the breaches themselves should immediately initiate a forensic procedure and talk to their legal advisors to coordinate disclosure imposed by the applicable law. Failure to do so may increase the damages sought by the victims and lead to supplementary monetary penalties by the authorities.”
