For less than $20,000 in Bitcoins, any hacker can have access to some 617 million online account details stolen from 16 hacked websites. Account records from this multi-gigabyte databases consist mainly of account holder names, email addresses, and passwords.
These passwords are hashed or encrypted and need to be cracked before they can be used. These databases, depending on the sites, consist of user information such as location, personal details, and social media authentication tokens. By far, there are no payment or bank card details published in the black-market sale listing.
Hijacked databases of the following websites can be purchased from the Dream Market cyber-souk, located in the Tor network:
- Dubsmash – 162 million accounts, MyFitnessPal – 151 million accounts, MyHeritage – 92 million accounts, ShareThis – 41 million accounts, HauteLook – 28 million accounts, Animoto – 25 million accounts, EyeEm – 22 million accounts, 8fit – 20 million accounts, Whitepages – 18 million accounts, Fotolog – 16 million accounts, 500px – 15 million accounts, Armor Games – 11 million accounts, BookMate – 8 million accounts, CoffeeMeetsBagel – 6 million accounts, Artsy – 1 million accounts, and DataCamp – 700,000 accounts.
The hacker claimed to have exploited the security vulnerabilities within web apps to gain remote-code execution to extract user account data. All of the databases are right now being promoted separately by a single hacker on the dark web, as per reports.
Read More: The Register