A hacker who was advertising particulars of nearly 620 million on the web accounts stolen from 16 common sites has now place up a second batch of 127 million information originating from 8 other web pages for sale on the dim world wide web.
Final 7 days, The Hacker News gained an e mail from a Pakistani hacker who claims to have hacked dozens of well-liked websites (outlined underneath) and promoting their stolen databases online.
All through an interview with The Hacker News, the hacker also claimed that several specific providers have possibly no plan that they have been compromised and that their customers’ data have previously been offered to many cyber criminal teams and people today.
Bundle 1: Databases From 16 Compromised Web-sites On Sale
In the initially round, the hacker who goes by on-line alias “gnosticplayers” was offering specifics of 617 million accounts belonging to the next 16 compromised websites for a lot less than $20,000 in Bitcoin on dark web marketplace Desire Industry:
- Dubsmash — 162 million accounts
- MyFitnessPal — 151 million accounts
- MyHeritage — 92 million accounts
- ShareThis — 41 million accounts
- HauteLook — 28 million accounts
- Animoto — 25 million accounts
- EyeEm — 22 million accounts
- 8fit — 20 million accounts
- Whitepages — 18 million accounts
- Fotolog — 16 million accounts
- 500px — 15 million accounts
- Armor Online games — 11 million accounts
- BookMate — 8 million accounts
- CoffeeMeetsBagel — 6 million accounts
- Artsy — 1 million accounts
- DataCamp — 700,000 accounts
Out of these, the well-known photograph-sharing services 500px has confirmed that the business experienced a facts breach in July final yr and that personal data, like full names, usernames, electronic mail addresses, password hashes, location, birth day, and gender, for all the roughly 14.8 million customers existed at the time was exposed on the web.
Just yesterday, Artsy, DataCamp and CoffeeMeetsBagel have also confirmed that the businesses have been victims of a breach final yr and that private and account details of their shoppers was stolen by an unauthorized attacker.
Diet program monitoring service MyFitnessPal, on the net genealogy platform MyHeritage and cloud-primarily based online video maker assistance Animoto had confirmed the data breaches last yr.
In reaction to the news, video clip-sharing application Dubsmash also issued a discover informing its buyers that they have released an investigation and contacted legislation enforcement to look into the issue.
Deal 2: Hacked Databases From 8 Much more Web-sites On Sale
Though placing the 2nd spherical of the stolen accounts up for sale on the Dream Market—one of the major dim internet marketplaces for unlawful narcotics and drug paraphernalia—the hacker eradicated the assortment of the 1st spherical to keep away from them from having leaked and land on protection initiatives like Google’s new Password Checkup software.
Gnosticplayers informed The Hacker News in an email that the 2nd round detailed stolen info from 127 million accounts that belonged to the next 8 hacked web-sites, which was up for sale for $14,500 in bitcoin:
- Houzz — 57 million accounts
- YouNow — 40 million accounts
- Ixigo — 18 million accounts
- Stronghold Kingdoms — 5 million accounts
- Roll20.internet — 4 million accounts
- Ge.tt — 1.83 million accounts
- Petflow and Vbulletin discussion board — 1.5 million accounts
- Coinmama (Cryptocurrency Trade) — 420,000 accounts
Of the earlier mentioned-shown internet sites, only Houzz has confirmed the safety breach before this month that compromised its customers’ community facts and particular interior account details.
Like the first round, the the latest selection of 127 million stolen accounts has also been eradicated from the sale on the dim net.
While some of the services are resetting users’ passwords immediately after confirming its details was stolen, if you are a consumer of any of the earlier mentioned-outlined services, you really should think about shifting your passwords in the occasion you re-made use of the exact same password throughout distinct sites.