Gnosticplayers, a cybercriminal making waves this month from dumping over millions of hacked accounts onto the dark web for sale, has struck again with another batch of hacked accounts. The notorious hacker, who, according to reports, is a Pakistani national, posted 127 million compromised online accounts from eight popular websites on a dark web marketplace for sale. The stolen data is made up of emails, logins, names, and passwords. He, however, did not include any financial accounts.
The stolen accounts were reportedly acquired from eight popular websites, including Stronghold Kingdoms (5 million), PetFlow and Vbulletin forum (1.5 million), Ixigo (18 million), YouNow (40 million), Ge.tt (1.83 million), Coinmama (420,000), Houzz (57 million), and Roll20.net.
Gnosticplayers detailed how some amateur decisions of some websites gave him little stress in breaking into their system. He highlighted how PetFlow and Ixigo used an outdated MD5 algorithm to scramble passwords, which were very easy to figure out. The hacker also stated that majority of the websites are entirely in the dark and had no idea that their private data were out in the open and being sold to cybercriminals across the globe.
After dumping the second batch of hacked accounts on the Dream Market, a dark web marketplace functioning since 2013, Gnosticplayers then demanded a fee of $14,500 in cryptocurrencies, preferably bitcoin, without any option of installments. This fee would give anyone complete access to the batch of accounts on the marketplace.
The hacker halted the collection of accounts after some period, claiming it was a decision to avoid many buyers from losing control of the whole data. He then announced that all listings had been removed to prevent them from excess buying from clients and then getting leaked. According to him, another batch of hacked accounts would soon hit the dark web again.
Some of the websites that fell victim to Gnosticplayers have confirmed the hack and have subsequently begun to reset their users’ passwords to prevent any further damage.
This hack is the latest in a string of hacks over the past few months. In the early stages of the month, this same cybercriminal completed a hack of a relatively more significant number of websites, dumping almost 620 million compromised online accounts on the dark web and auctioning them for $20,000 worth of bitcoin. The 620 million online accounts were hacked from 16 popular websites, including MyFitnessPal (151 million), Dubsmash (162 million), MyHeritage (92 million), ShareThis (41 million), HauteLook (28 million), CoffeeMeetsBagel (6 million), EyeEm (22 million), 8fit (20 million), Whitepages (18 million), Artsy (1 million), DataCamp (700,000), and others such as gaming studios and e-commerce stores.
The stolen data included email addresses and passwords, account names, and local information. However, most email addresses and passwords were still hashed, meaning that they would require cracking before being used. The data didn’t have any bank card or payment details in the sales listings. Just like this latest hack, the information was again dumped on the Dream Market, one of the biggest dark web marketplaces.
According to reports, Gnosticplayers, at the time of the hack, claimed that the data was stolen last year and that he cracked security vulnerabilities within web apps to be able to deploy remote-code execution, which allowed them to extract user account data easily. Reporters, in a bid to determine whether the vast data pool was indeed real, contacted MyHeritage, one of the websites which was hacked, asking if they had suffered a breach last year. The site then confirmed that indeed the data on the dark web was legitimate, and it was working on keeping their systems safe against any future attacks. Other websites also confirmed that the info in the data pool was legit.
The hacker again made it known that the millions of data hacked from Dubsmash alone were bought by at least one person. In one of his posts on his Dream Market account, he wrote: “I don’t think I am deeply evil, I need the money. I need the leaks to be disclosed.” He then added, “Security is just an illusion. I started hacking a long time ago. I’m just a tool used by the system. We all know measures are taken to prevent cyber-attacks, but with these upcoming dumps, I’ll make hacking easier than ever.”
by: Kofi Anash