It's only the second month of 2019 and we are already getting news about massive data breaches. In a recent one, the credentials of about 620 million accounts from 16 websites that were hacked during the past two years are for sale to credential stuffers and spammers on the dark web. Each hacked platform has yielded a unique collection of data that can be sold separately to anyone interested, while the whole bundle costs approximately $20,000 in Bitcoin.
Some of the hacked websites had already informed their users of the data breaches last year, while others have only realised it now, or opted to keep it secret until today. In all cases, people whose accounts were compromised are urged to immediately change their passwords on the hacked websites and on any other websites as well.
Here is a detailed list of the account credentials that are on sale right now:
- Dubsmash – 11 GB of data, 161.5 million accounts, $1975, user ID, hashed password, username, email address, country
- 500px – 1.5 GB of data, 14.9 million accounts, $780, username, email address, hashed password
- EyeEm – 1.7 GB of data, 22.4 million accounts, $1040, email address and hashed password
- 8fit – 1.9 GB of data, 20.2 million accounts, $730, email address, hashed password, country, Facebook token, Facebook profile name, IP address
- Fotolog – 5.9 GB of data, 16 million accounts, $1870, email address, hashed password, answers to security questions, full name
- Animoto – 2.1 GB of data, 25.4 million accounts, $1145, user ID, hashed password, email address, full name, date of birth
- MyHeritage – 3.6 GB, 92.3 million accounts, $1975, email address, hashed password, date of account creation
- MyFitnessPal – 3.5 GB, 150.6 million accounts, $1040, user ID, username, email address, hashed password, IP address
- Artsy – 184 MB of data, 1 million accounts, $100, email address, IP address, full name, location, hashed password
- Armor Games – 1.8 GB of data, 11 million accounts, $990, username, email address, hashed password, date of birth, location, gender
- Bookmate – 1.7 GB of data, 8 million accounts, $570, username, email address, hashed password, gender, date of birth
- CoffeeMeetsBagel – 673 MB of data, 6.2 million accounts, $470, full name, email address, age, registration date, gender, hashed password
- DataCamp – 82 MB of data, 700k accounts, $45, email address, hashed password, location
- HauteLook – 1.5 GB of data, 28 million accounts, $780, email address, hashed password, full name
- ShareThis – 2.7 GB of data, 41 million accounts, $780, full name, username, email address, hashed password, gender, date of birth
- Whitepages – 2.9 GB of data, 17.8 million accounts, $1560, email address, hashed password, full name
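While the passwords are hashed with SHA256 in most cases, attackers nowadays won't find it very hard to recover passwords protected by a hash this outdated for password storage. A hash cannot be decrypted, but SHA256 is fast to compute, so candidate passwords can be hashed and compared against the dump at very high rates.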
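For a site operator still holding fast SHA256 password hashes like those described above, the sketch below shows one way to harden them in place and upgrade each account at its next login. It is an added example, not code from the article or from any of the affected sites; the record format, function names and scrypt parameters are assumptions.

```python
import hashlib, hmac, os

# Assumed scrypt cost parameters (not from the article); tune per hardware.
N, R, P, DKLEN = 2**14, 8, 1, 32

def legacy_sha256(password: str) -> str:
    """The weak scheme: one fast, unsalted SHA-256 pass."""
    return hashlib.sha256(password.encode()).hexdigest()

def _scrypt(data: bytes, salt: bytes) -> bytes:
    return hashlib.scrypt(data, salt=salt, n=N, r=R, p=P, dklen=DKLEN)

def _record(scheme: str, data: bytes) -> str:
    salt = os.urandom(16)  # per-record random salt
    return f"{scheme}${salt.hex()}${_scrypt(data, salt).hex()}"

def hash_password(password: str) -> str:
    """New accounts: salted scrypt directly over the password."""
    return _record("scrypt", password.encode())

def wrap_legacy(sha256_hex: str) -> str:
    """Bulk migration: wrap a stored SHA-256 digest in scrypt.
    Needs no plaintext, so the weak hashes can be deleted at once."""
    return _record("scrypt-sha256", bytes.fromhex(sha256_hex))

def verify(password: str, record: str) -> bool:
    parts = record.split("$")
    if len(parts) != 3:
        return False  # bare legacy digests are no longer accepted
    scheme, salt_hex, digest_hex = parts
    if scheme == "scrypt":
        data = password.encode()
    elif scheme == "scrypt-sha256":
        data = hashlib.sha256(password.encode()).digest()
    else:
        return False
    candidate = _scrypt(data, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))

def login(password: str, record: str):
    """Return (ok, record); wrapped records are upgraded on success."""
    if not verify(password, record):
        return False, record
    if record.startswith("scrypt-sha256$"):
        record = hash_password(password)
    return True, record
```

Wrapping removes the fast hashes from the database immediately, and the login path replaces each wrapped record with a plain salted scrypt record once the user next signs in.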
According to The Register, the seller of the above data dump claims to have as many as 20 databases containing a billion accounts to dump online, while others will be kept secret for private use. As the seller stated: “I don’t think I am deeply evil. I need the money. I need the leaks to be disclosed. Security is just an illusion. I started hacking a long time ago. I’m just a tool used by the system. We all know measures are taken to prevent cyber attacks, but with these upcoming dumps, I’ll make hacking easier than ever.”