A Hacker Dumps Over One Billion User Records
According to ZDNet, a hacker by the name Gnosticplayers reveals to them in February about wanting to put up data of over one billion users for sale. ZDNet finds that the hacker is close to achieving this target after having released nearly 65.5 million records last week. So any soon he will reach that magic figure of 932 million records overall.
The hacker is responsible for the hacks of 44 companies, and since mid-February, the hacker has been the hacked data on a dark web marketplace for selling illegal products, such as guns, drugs, and hacking tools.
The data released were from companies like UnderArmor, 500px, ShareThis, GfyCat, and MyHeritage. Releases have been grouped in four rounds –Round 1 (620 million user records), Round 2 (127 million user records), Round 3 (93 million user records), and Round 4 (26.5 million user records).
In the latest release hacker revealed that the containing of 65.5 million users, which the hacker claims to have taken from six companies: gaming platform Mindjolt, digital mall Wanelo, e-invitations and RSVP platform Evite, South Korean travel company Yanolja, women’s fashion store Moda Operandi, and Apple repair center iCracked.
Later when ZDNet confirmed with each of the named businesses, and it was found that 38 victims have confirmed hacks, so this new batch of stolen data is likely to be authentic as well.
Dream Market admins decided to shut down its marketplace after being bombarded by nearly non-stop DDoS attacks and ransom demands.
The hacker’s quest for one billion data on sale for is termed as selfish, and obvious monetary reasons, there is more to Gnosticplayers’ actions than most people are aware. Gnosticplayers has confirmed that his foray into a public marketplace obvious one being money.
Hackers like Gnosticplayers are part of small underground communities of hackers and data hoarders. They hack companies, steal their data, and then sell it to vetted partners.
This is a lucrative business, and many of these hackers don’t have to sell their data on public marketplaces like Dream Market.
We say “public” because despite being hosted on the dark web, Dream Market is a very very public space, littered with law enforcement, journalists, and employees of many cyber-security firms.
Anyone selling data in such a public space is, without a doubt, looking for trouble and putting a bullseye on his back. Gnosticplayers, as confirmed, wants to be remembered in the same way hackers like Peace_of_Mind (or Peace) are remembered today.
With over 932 million records already available for sale on Dream, Gnosticplayers’ data hovers dangerously above all our heads, as it could greatly increase the capabilities of existing credentials stuffing botnets with new login combinations.
Selling data from small-time sites some have ridiculed Gnosticplayers, but Gnostic’s data should not be ignored, mainly due to its sheer size and everyone’s weakness for reusing passwords.
Kevin Jones932 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.