We get it: Ads are not what you are here for. But ads help us keep the lights on. So, add us to your adblock's whitelist or register for free to remove this notice. Either way, you are supporting our journalism. We'd really appreciate it.
Hack Hex received an email from a Pakistani hacker, who goes by online alias Gnosticplayers. The hacker has previously hacked dozens of popular websites from companies which, according to him, probably had no idea that they were compromised.
Just last month the hacker made three rounds of stolen accounts up for sale, posting details of 620 million accounts stolen from 16 websites in the first round, 127 million records from 8 sites in the second, and 92 million from 8 websites in the third.
The hacker released the fourth round containing nearly 27 million new users’ records originating from 6 other websites.
Gnosticplayers told Hack Hex in an email that the fourth round up for sale on Dream Market belonged to the following 8 hacked websites:
- Youthmanual — Indonesian college and career platform — 1.12 million accounts
- GameSalad — Online learning platform —1.5 million accounts
- Bukalapak — Online Shopping Site — 13 million accounts
- Lifebear — Japanese Online Notebook — 3.86 million accounts
- EstanteVirtual — Online Bookstore — 5.45 Million accounts
- Coubic — Appointment Scheduling — 1.5 million accounts
The hacker is selling each of the above listed hacked databases individually on Dream Market for a total worth 1.2431 Bitcoin, that’s roughly $5,000.
The hacker mentioned that he put up the data for sale mainly because these companies had failed to protect passwords with strong encryption algorithms like bcrypt.
Since the majority of compromised services listed in previous rounds have acknowledged the data breaches, it’s likely that the new round of stolen accounts being sold on the underground market is also legit.
Gnosticplayers also revealed that not all the data he obtained from hacked companies had been put up for sale. Some companies gave into extortion demands and paid fees so breaches would remain private.