The so-called “mega-breaches” just keep on coming. Following the likes of LinkedIn, Tumblr and Myspace – major websites and platforms that have notably been in recent times for suffering data breaches – defunct P2P filesharing platform iMesh joins that list of targets who have had their servers breached.
iMesh, once the third largest peer to peer file sharing platform in the United States, was the target of a data breach that has now resulted in a hacker selling the details of over 51 million records for 0.5 bitcoin, approx. $350.
The revelation was made by breach notification resource LeakedSource, a website that allows users to check if their credentials or personal details are a part of any stolen data troves.
Early investigation indicates that the records were hacked in September 2013. The stolen database contains records such as:
- Email addresses
- Residence/ country locations
- Dates of signing-up
- IP addresses
The passwords were stored in several MD5 rounds that included salting, a measure that makes password decryption exponentially harder. While this may seem like a good sign in a leaked database that contains over 51 million users’ details, the MD5 method can easily be cracked by modern computers.
Related read: Nearly Half a BILLION Passwords Stolen in MySpace Breach
Depressingly, the top passwords used by iMesh users, as determined by LeakedSource, include:
The hacker and seller of the stolen data goes by the moniker “Peace” who is the same hacker behind the sales of stolen data from LinkedIn, VK.com, Badoo and more.
In an encrypted chat with ZDNet, Peace reportedly confirmed that the sale of the trove has gone up, with the database sold for 1 bitcoin instead.
In an email, iMesh chief operating officer Roi Zemmer insisted that the company behind the now-defunct iMesh “is not aware of any hacks.” He also claimed that the website is “using the state of the art technology to protect its users’ info.”
Image credit: iMesh