Original Post from Security Affairs
Author: Pierluigi Paganini
The popular hacker Gnosticplayers made the headlines again, he is offering for sale on the dark web the fifth round of hacked accounts.
The popular hacker Gnosticplayers is offering for sale on the dark web the fifth round of hacked accounts.
Between February and March, the hacker disclosed the existence of some massive unreported data breaches in four rounds. The experts offered for sale the huge trove of data for a limited period of time, he stole over 932 million user records from 44 companies.
Gnosticplayers in an exclusive conversation with HACKREAD claimed to be a Pakistani citizen,
In a first round, the seller listed a batch of 620 million accounts coming from 16 breached websites including Dubsmash, Armor Games, 500px, Whitepages, and ShareThis. A few days later, Gnosticplayers offered a new batch of 127 million records originated from eight companies.
The third round contained more than 92 million hacked users’ accounts from 8 new websites, including the GIF hosting platform Gfycat.
In the fourth batch, the hacker offered millions of records stolen from the following websites;
- Youthmanual — Indonesian college and career platform — 1.12 million accounts
- GameSalad — Online learning platform —1.5 million accounts
- Bukalapak — Online Shopping Site — 13 million accounts
- Lifebear — Japanese Online Notebook — 3.86 million accounts
- EstanteVirtual — Online Bookstore — 5.45 Million accounts
- Coubic — Appointment Scheduling — 1.5 million accounts
Now the hacker is offering a new batch of 65.5 million records on the Dream Market underground marketplace, for a grand total of 932 million records.
The list of victims for this round includes six companies: the gaming platform Mindjolt, the online community for shopping Wanelo, the Apple repair center iCracked, the travel company Yanolja, the e-invitations service Evite, and women’s fashion store Moda Operandi.
Below the data composing the fifth round:
Mindjolt(฿ 0.1008) – 28M – email, full name, birth date, register date, gaming details, no password; Wanelo(฿ 0.159) – 23M – email, username, password (3 million MD5, remaining protected with bcrypt) iCracked(฿ 0.1108) – 1.5M – name, physical address, geo-location details, email, password, and more; Yanolja(฿ 0.1209) – 1.5M – email, MD5 password;
- Evite (฿ 0.2419) – 10M – full name, country, email, IP address,
cleartextpassword; ModaOperandi (฿ 0.1129) – 1.5M – email, name, password (SHA1), user-agent, IP address, and more;
The post Gnosticplayers round 5 – 65 Million+ fresh accounts from 8 security breaches available for sale appeared first on Security Affairs.
Go to Source
Author: Pierluigi Paganini