Details of 620 million accounts were found for sale on the dark web, stolen from 16 different hacked websites.
According to The Register, the stolen information was put up on the Tor network site Dream Market cyber-souk. A single hacker stole the account information up for sale. This malicious actor exploited the security vulnerabilities present within the sites and executed remote-code to extract user data.
The stolen accounts are on sale for less than 20,000 Bitcoin. Information included account names, email addresses, and hashed passwords. Additionally, information on location, social media authentication tokens, and personal details were also being sold depending on each stolen database. Payment and banking details were not listed for sale.
The hacker told The Register that his goal in putting up the stolen accounts was to ‘make life easier for hackers’. He plans to sell the information to anyone who promises to keep the data secret. This attacker has been hacking accounts since 2012 and information on at least 20 databases.
Further, the hacker stated:
“I don’t think I am deeply evil. I need the money”
“Security is just an illusion. I started hacking a long time ago. I’m just a tool used by the system. We all know measures are taken to prevent cyber attacks, but with these upcoming dumps, I’ll make hacking easier than ever.”
Hacked accounts came from the following sites:
- Dubsmash: 162 million
- MyFitnessPal: 151 million
- MyHeritage: 92 million
- ShareThis: 41 million
- HauteLook: 28 million
- Animoto: 25 million
- EyeEm: 22 million
- 8fit: 20 million
- Whitepages: 18 million
- Fotolog: 16 million
- 500px: 15 million
- Armor Games: 11 million
- BookMate: 8 million
- CoffeeMeetsBagel: 6 million
- Artsy: 1 million
- DataCamp: 700,000
Of the 16 hacked companies only three, MyFitness, Animoto, MyHeritage, had previously disclosed data breaches in the last year. MyHeritage confirmed to The Register, that the data on sale was taken from their servers in October 2017. 500px also confirmed that the same account data stolen from their server was up for sale.
Targeted buyers include attackers who want to execute credential stuffing attacks or send out spams. Credential stuffers would take the usernames and passwords and log into other accounts on other websites. So, any victims using the same username and password for multiple accounts could have their accounts hacked. It is crucial for any users who may have had their account information stolen to change their passwords.
If your organization has been hacked contact LIFARS immediately