620 Million Accounts Were Stolen From Hacked Sites, Now On Sale For BTC On The Dark Web
Around 620 million online accounts were hacked and had their details stolen by someone. Now, this person is trying to sell this information on the dark web on the Dream Market Cybersouk, a dark web site. With less than $20,000 USD in BTC, someone can buy these accounts.
So far, reports seem to indicate that the database is real and that consists mostly of account holder names, email addresses, and passwords. They are encrypted and the keys are being sold. Other details like location, personal details, and social media information may also be a part of the database.
The list is as follows: Dubsmash (162 million), MyFitnessPal (151 million), MyHeritage (92 million), ShareThis (41 million), HauteLook (28 million), Animoto (25 million), EyeEm (22 million), 8fit (20 million), Whitepages (18 million), Fotolog (16 million), 500px (15 million), Armor Games (11 million), BookMate (8 million), CoffeeMeetsBagel (6 million), Artsy (1 million) and DataCamp (700 thousand).
Fortunately, no Facebook, Twitter or Google account was hacked, so the largest sites are protected, but some people may use the information from these hacked accounts to discover who owned them and use the passwords elsewhere.
Hackers and all kinds of thieves will be the type of people who will be more interested in this data and it can be bought from the people who stole it in the first place for a rather cheap amount of BTC, considering how much sensitive information the person in buying.
With this kind of sensitive information, it can be very easy for someone with bad intentions to actually hack the whole network of sites used by an individual. This happens mostly because people tend to use the same passwords on many sites.
Most of the records were stolen during 2018 and started to be sold this week. The seller is someone from outside of the United States and reports The Register to affirm that the data was sold to at least one person. While some of these sites warned their users when they were hacked, most of them did not, which possibly has not prompted the users into changing their passwords.
When asked whether the information was legitimate by The Register, most companies affirmed that the data was, indeed, stolen. According to them, most were hacked during some time in 2017 or 2018.
For more exact information on the amount of information that was stolen, you can visit The Register’s site. Some sites have gigabytes of data that were stolen from them and are very thorough while others have less information.