Experts have discovered a new batch of 127 million stolen records belonging to 8 websites for sale on dark web market place Dream Market.
Earlier this week the same group listed another batch of stolen records consisting of 620 million user data from 16 popular websites.
According to reports the hacker who goes by the online handle “gnosticplayers” is behind the incident.
The first batch consisted of 620 million stolen records belonging to 16 websites and was put up for sale for less than $20,000 in Bitcoin on dark web.
Below is the list of website and no of accounts compromised
- Dubsmash (162 million);
- MyFitnessPal (151 million);
- MyHeritage (92 million);
- ShareThis (41 million);
- HauteLook (28 million);
- Animoto (25 million);
- EyeEm (22 million);
- 8fit (20 million);
- Whitepages (18 million);
- Fotolog (16 million);
- 500px (15 million);
- Armor Games (11 million);
- BookMate (8 million);
- CoffeeMeetsBagel (6 million);
- Artsy (1 million);
- DataCamp (700,000)
Companies like 500px,datacamp, Artsy,CoffeeMeetsBagel, MyFitnessPal,8fit and MyHeritage has already confrimed the breach. Social media app Dubsmash has also issued a breach notification to it users saying they are investigating the issue.
In the second batch, 127 million accounts belonging to 8 websites were put up for sale on dark web market place for $14,500 in bitcoin.
- Houzz (57 million accounts)
- YouNow (40 million accounts)
- Ixigo (18 million accounts)
- Stronghold Kingdoms (5 million accounts)
- Roll20.net (4 million accounts)
- Ge.tt (1.83 million accounts)
- Petflow and Vbulletin forum (1.5 million accounts)
- Coinmama (Cryptocurrency Exchange) (420,000 accounts)
Like the first batch which was removed to avoid too many customers from buying it and the second batch of stolen records was also removed from the sale on the dark web.
Earlier this month researchers discovered a collection of databases containing 2.2 billion unique usernames and passwords freely distributed in hacker forums and torrents.
On Sunday the third batch of stolen records consisting of 92 million accounts from 8 websites was put for sale on the dark web by the same hacker for around $9,700 in Bitcoin.
Below is the list of websites and no if accounts disclosed in the third batch:
- Pizap (60 million)
- Jobandtalent (1 million)
- Gfycat ( 8 million)
- Storybird (4 million)
- Legendas.tv ( 3.8 million)
- Onebip (2.6 million)
- Classpass ( 1.5 million)
- Streeteasy (1 million)
As of now none of the websites mentioned above has confirmed or disclosed the breach incident.
If you are a user of any of the above websites mentioned, users are advised to change their password and enable multi-factor authentication on their accounts.
You may be interested in reading:Several Photo Editing Apps Found Stealing Users Photos