February 16, 2019
Last week, a hacker known by the user name ‘Gnosticplayers’ dumped as many as 617 million accounts which were stolen from 16 different hacked websites. Most of the hacked accounts came from sites such as Dubsmash (162 million accounts), MyFitnessPal (151 million), MyHeritage (92 million), and others. At the time, the hacker presented himself as a resourceful obtainer of information who is willing to work with anyone and provide anything as long as they get their payment.
Now, only a week later, the same hacker has returned with another massive data collection, which contains around 126 million stolen accounts, most of them including login credentials. The information is currently available on the dark web’s Dream Market.
Where did the data come from?
According to some samples of the stolen data, it would appear that a number of companies have had their websites compromised.
Ge.tt, for example, allegedly lost 1.83 million accounts, which the hacker is now selling for $572 (0.1609 BTC). The information stolen from Ge.tt includes names, emails, and passwords of the site’s users, as well as their Facebook and Twitter access tokens. The website was seemingly attacked in December 2017.
Another company that suffered a breach is Ixigo, which allegedly lost around 18 million accounts. This is a hotel booking and travel website headquartered in India. Considering its purpose, it is immediately clear that a website such as this may be a large store of data, which is likely why the hacker targeted it. Gnosticplayers managed to steal the website users’ full name, email, hashed password, gender, IP addresses, Facebook URLs, and even ID numbers and password numbers in some cases. All of this data was made available by the hacker for $936 (0.263 BTC). According to the data, it appears that the website was attacked as recently as January 1st this year.
Next, there is PetFlow, which is a food delivery service for pets. This website lost around 1 million accounts in an attack that is believed to have taken place in 2017, and the stolen data includes usernames, hashed passwords, and emails. The hacker is selling the data for around $634, or 0.1769 BTC.
Stronghold Kingdoms, another hacked service, has lost five times as many accounts as PetFlow, with the hacker selling them for $1040 (0.2927 BTC). This is a large multiplayer online strategy game which was seemingly hacked in September 2018. Five million accounts were stolen in the process, and the stolen information includes usernames, emails, unencrypted passwords, and more.
Meanwhile, a website called Roll20, which consists of a set of tools for playing tabletop RPGs, also ended up being targeted, with as many as 4 million accounts stolen. The data belonging to this site is currently being sold for $208 (0.0585 BTC), and it includes emails, names, passwords, web searches, device details, roles, and more. This hack is also relatively recent, as it is believed to have happened on January 1st, 2019.
The website that lost the fewest accounts is called Coinmama, and it “only” lost 486,297 accounts. The data includes emails and hashed passwords, and is believed to have been stolen in August 2017. Meanwhile, the data is being sold for $1248, or 0.351 BTC.
Next, there is YouNow, which lost as many as 40 million accounts. This live broadcasting service lost their users’ first and last names, their email addresses, IP addresses, as well as links to various social networks. According to the sample, it would seem that the stolen data does not offer passwords, meaning that it might not be as dangerous (or expensive) as other breaches. This breach also happened in October 2017, and the data can currently be obtained for only 0.1317 BTC, or $468.
Finally, the website which suffered the greatest loss in terms of the number of accounts is Houzz. Houzz is a website that focuses on architecture, interior design, decorating, home improvement, and the like. It is based in California, and it lost 57 million accounts in an attack that supposedly took place on the 1st of July, 2018. During the hack, the attacker stole users’ names, emails, hashed passwords, as well as account registration dates. This is by far the most expensive collection, as it costs $10,400, or 2.927 BTC.
So far, it appears that these, as well as previous breaches mentioned by the hacker, are all legitimate, meaning that these websites’ users should immediately change their passwords on affected websites. Furthermore, internet users are advised to keep track of similar breaches and see if they are affected on the Have I Been Pwned? website.