Select Page

A hacker who was selling details of nearly 620 million online accounts stolen from 16 popular websites has now put up a second batch of 127 million records originating from 8 other sites for sale on the dark web.

Last week, The Hacker News received an email from a Pakistani hacker who claims to have hacked dozens of popular websites (listed below) and selling their stolen databases online.

During an interview with The Hacker News, the hacker also claimed that many targeted companies have probably no idea that they have been compromised and that their customers’ data have already been sold to multiple cyber criminal groups and individuals.

Package 1: Databases From 16 Compromised Websites On Sale

In the first round, the hacker who goes by online alias “gnosticplayers” was selling details of 617 million accounts belonging to the following 16 compromised websites for less than $20,000 in Bitcoin on dark web marketplace Dream Market:

  • Dubsmash — 162 million accounts
  • MyFitnessPal — 151 million accounts
  • MyHeritage — 92 million accounts
  • ShareThis — 41 million accounts
  • HauteLook — 28 million accounts
  • Animoto — 25 million accounts
  • EyeEm — 22 million accounts
  • 8fit — 20 million accounts
  • Whitepages — 18 million accounts
  • Fotolog — 16 million accounts
  • 500px — 15 million accounts
  • Armor Games — 11 million accounts
  • BookMate — 8 million accounts
  • CoffeeMeetsBagel — 6 million accounts
  • Artsy — 1 million accounts
  • DataCamp — 700,000 accounts

Out of these, the popular photo-sharing service 500px has confirmed that the company suffered a data breach in July last year and that personal data, including full names, usernames, email addresses, password hashes, location, birth date, and gender, for all the roughly 14.8 million users existed at the time was exposed online.

Just yesterday, Artsy, DataCamp and CoffeeMeetsBagel have also confirmed that the companies were victims of a breach last year and that personal and account details of their customers was stolen by an unauthorised attacker.

Diet tracking service MyFitnessPal, online genealogy platform MyHeritage and cloud-based video maker service Animoto had confirmed the data breaches last year.

In response to the news, video-sharing app Dubsmash also issued a notice informing its users that they have launched an investigation and contacted law enforcement to look into the matter.

images from Hacker News