Hacked Website Databases for Sale on the Dark Web

There has been a rash of stolen databases being sold on the dark web. On February 11th, The Register’s Chris Williams reported that 620 million online account details were stolen from 16 hacked websites. Some of the more well-known sites were MyFitnessPal (owned by Under Armour), MyHeritage, Dubsmash, and CoffeeMeetsBagel.

The hacker goes by the name Gnosticplayers and is allegedly in the US. She/he claims that the motives for stealing these databases are money and the downfall of American Pigs, as reported by ZDNet.com’s Catalin Cimpanu.

In round 2, shortly after the release of the 620 million user records, Gnosticplayers reportedly hacked another eight sites and acquired another 127 million user records. In round 3, they took another 96 million user records. In round 4, they were able to steal 26 million user records from another six companies. The hacker did not intend to carry out the last two rounds, but did so because they believed that these companies did nothing to protect themselves.

Not all the companies hacked had their data offered for sale on the dark web. Some of the companies, especially startups, paid an extortion fee to protect their client lists.

The hacker claims the attacks succeeded because of vulnerabilities found in the online web applications.

The databases vary in content, but they all have the individual’s names, email addresses and hashed passwords. Poor passwords stored in databases that were protected only by simple MD5 hashing are easily cracked.
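The difference between the weak storage described above and a hardened alternative, as an added example that is not part of the original post. It assumes salted PBKDF2-HMAC-SHA256 as the replacement scheme (the post names no alternative), and the account names and passwords are constructed sample data.

```python
import hashlib
import hmac
import os

# Assumed work factor for this example; tune it to your own hardware.
PBKDF2_ITERATIONS = 600_000

def md5_hash(password):
    """Weak scheme: unsalted, fast MD5 digest of the password."""
    return hashlib.md5(password.encode()).hexdigest()

def kdf_hash(password, salt=None):
    """Hardened scheme: per-user random salt plus a deliberately slow KDF."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest

def kdf_verify(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = kdf_hash(password, salt)
    return hmac.compare_digest(digest, expected)

def shared_digests(stored):
    """Count accounts whose stored value is identical to another account's."""
    values = list(stored.values())
    return sum(1 for v in values if values.count(v) > 1)

# Constructed sample accounts; two of them chose the same poor password.
USERS = {
    "alice": "password1",
    "bob": "password1",
    "carol": "correct horse battery staple",
}

def demo():
    md5_table = {user: md5_hash(pw) for user, pw in USERS.items()}
    kdf_table = {user: kdf_hash(pw) for user, pw in USERS.items()}
    # Unsalted MD5: equal passwords give equal digests, so recovering one
    # recovers every account that reused it. Salting removes that linkage.
    return shared_digests(md5_table), shared_digests(kdf_table)

if __name__ == "__main__":
    weak, strong = demo()
    print(f"accounts sharing a stored value: MD5={weak}, salted PBKDF2={strong}")
```

Salting does not rescue a poor password on its own; the slow KDF only raises the cost of each guess, which is why the password length and reuse advice still applies.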

Who is buying these hacked databases? Two groups buy user databases: spammers and credential stuffers. The stuffers take the user IDs and cracked passwords and attempt to log into other websites, posing as the real owner in order to steal information or money, or to otherwise exploit the real account owner.

To prevent your organization from being a victim of attacks like these, there are security controls that need to be put in place. Quanexus always recommends a layered security approach and we have developed our Q-Security Stack to make it more challenging for attackers to get your data.

The best protections end-users can implement are:
• Use strong passwords/passphrases of at least 13 characters
• Do not use the same password on multiple sites
• Implement 2-factor authentication if possible
• Keep your systems updated and patched, including 3rd party software, e.g. Adobe, Java, and your browsers

If you would like more information, contact us here or call 937.885.7272.


Posted by Jack Gerbs