Hacker Wants $20,000 in Bitcoin for 620 Million Stolen Customer Details from MyHeritage, MyFitnessPal, 8fit and Fotolog
A hacker is claiming to have access to 620 million account details and is ready to sell it on the dark web for less than $20,000 worth of Bitcoin. It can be purchased from the Dream Market cyber-souk, located in the Tor network.
Here are the lists of sites whose account information the hacker possess: Dubsmash (162 million), MyFitnessPal (151 million), MyHeritage (92 million), ShareThis (41 million), HauteLook (28 million), Animoto (25 million), EyeEm (22 million), 8fit (20 million), Whitepages (18 million), Fotolog (16 million), 500px (15 million), Armor Games (11 million), BookMate (8 million), CoffeeMeetsBagel (6 million), Artsy (1 million), and DataCamp (700,000).
The stolen data contains information of interest to spammers and can be used for credential stuffing. This mostly includes names, emails and passwords, occasional personal details, location, and social media authentication. No bank details appear to have been compromised.
The stolen passwords are hashed, so hackers need to crack them before they use them. Most exposed are people who use weak passwords that can be easily decoded, and reuse them for multiple accounts.
The hacker said: “Security is just an illusion. I started hacking a long time ago. I’m just a tool used by the system. We all know measures are taken to prevent cyber attacks, but with these upcoming dumps, I’ll make hacking easier than ever.”
All of the databases are right now being promoted independently by one hacker, who says he or she exploited security vulnerabilities within web apps to gain remote-code execution and then extract user account data.
The records were swiped mostly during 2018 and went on sale this week. The Dubsmash data is already been by a buyer.