Hackers and Dark Web enthusiasts are currently feasting on what data collectors consider as one of the most massive data collection sale s of the year. According to several reports, the leak includes accounts from alleged forum users. A few days ago, a hacker just posted on a hacking forum several extensive databases for sale, which he claims that the affected user accounts amount to more or less 550 million records combined.
The sale, according to reports, started around May 7th. The hacker posted the stolen collection and was being sold like hotcakes to other hackers, individually. After checking and analysis, a cybersecurity firm disclosed that most of the information on the databases that the hacker sold is quite old. With some dating as far as 2012, and the newest ones checked was from a few months ago. Nevertheless, these are sensitive account information we are talking about, and it’s still considered a considerable risk, or threat, depending on how you see it.
The significant number of accounts for sale is considerably alarming, not only because of the possible privacy concerns and personal information of a large number of individuals, but also the fact that this exposed information could be used to perform other sorts of malicious and fraudulent activities such as scams, identity theft, and even targeted phishing attacks. The said consequences could prove to be devastating not only to the companies involved but even more so to the people that just had their information exposed and put up for sale.
One notable collection that was included in this group is the 47 million user records (phone numbers) from the Dubsmash Breach of 2018. The records were put up for sale on the Dark Web Marketplace by a hacker that goes by the monicker – gnosticplayer. Bitcoin was the payment currency used to make purchases at the time in exchange for illegal and illegally-acquired products and services. Needless to say, the items we are talking about could mean other stuff, like – drugs, malicious software packages, possibly weapons (literally), and of course, stolen user data.
Similar to the breach from 2-years ago, the database sale has a bonus for would-be buyers. Some considerable amount of data from the collection already includes cracked passwords, which makes it a whole lot easier for hackers and scam/phishing aficionados to do their dirty work.
Since it’s discovery, the affected companies had done the following:
• have immediately secured their servers
• upped their security management
• patched every possible hole
• and advised all their users to change their passwords.