A hacker is selling account databases containing a total of 34 million user records stolen from 17 companies.
User Data Was Found on Sale!
According to a recent report by BleepingComputer, which verified samples of user data from nearly 17 companies and confirmed some of them to be true, a data breach broker created a new topic on a hacker forum on October 28th to sell those stolen user databases.
Moreover, it is not clear how someone accumulated the records from the allegedly hacked companies. It is likely that hackers circulate and sell those data underground.
According to the seller, the data breaches took place in 2020, and none of the companies had disclosed security breaches prior to this week. Only RedMart disclosed its breach.
In a conversation with BleepingComputer, the seller said that they were not responsible for hacking into the seventeen companies and are acting as a broker for the databases.
When asked how the hacker gained access to the various sites, the seller stated, “Not sure if he want to disclose.”
Initially, the stolen data was typically sold in private sales priced from $500. Later, in order to increase a threat actor’s ‘street cred,’ the stolen data was released for free on hacker forums.
Companies allegedly breached
According to the data breach broker, all the databases on sale were obtained in 2020. The largest breach is Geekie.com.br, with 8.1 million records. The most well-known affected company is Singapore’s RedMart, which exposed 1.1 million records, priced at $1,500.
The seventeen databases being sold:
| Company | Records | Breach confirmed | Exposed data |
|---|---|---|---|
| Geekie.com.br | 8.1 million | No | emails, bcrypt-sha256/sha512 hashed passwords, usernames, names, DoB, gender, mobile phone number, Brazilian CPF numbers |
| Clip.mx | 4.7 million | No | email, phone |
| Wongnai.com | 4.3 million | Yes via email | email, password md5, ip, facebook & twitter id, names, birthdate, phone, zip |
| Cermati.com | 2.9 million | No | emails, password bcrypt, name, address, phone, revenue, bank, tax number, id number, gender, job, company, mothers maiden name |
| Everything5pounds.com | 2.9 million | No | emails, hashed passwords, name, gender, phone number |
| Eatigo.com | 2.8 million | No | email, password md5, name, phone, gender, facebook id & token |
| Katapult.com | 2.2 million | No | email, password pbkdf2-sha256/unknown, name |
| Wedmegood.com | 1.3 million | No | email, password md5, username, birthdate, name |
| RedMart | 1.1 million | Yes | emails, SHA1 hashed passwords, mailing and billing addresses, full name, phone numbers, partial credit cards numbers and exp dates |
| Coupontools.com | 1 million | No | email, password bcrypt, name, phone, gender, birthdate |
| W3layouts.com | 789K | No | email, password bcrypt, ip, country, city, state, phone, name |
| Game24h.vn | 779K | No | email, password md5, username, birthdate, name |
| Invideo.io | 571K | No | email, password bcrypt, name, phone |
| Apps-builder.com | 386K | No | email, password md5crypt, ip, name, country |
| Fantasycruncher.com | 227K | No | email, password bcrypt/sha1, username, ip |
| Athletico.com.br | 162K | No | email, password md5, name, cpf, birthdate |
| Toddycafe.com | 129K | No | email, password unknown, name, phone, address |
Once BleepingComputer contacted all the affected companies, Wongnai.com responded, “Thanks for your inquiry, we were aware of this incident last night (Bangkok time) and our tech team has been investigating this matter.”
Did You Sign Up on These Sites?
- If you are a user on one of these sites, assume your account has been breached and change your password immediately.
- Make the password strong and complex.
- Use a unique password at every site to prevent a data breach at one site from affecting you at other websites you use.
- Use a password manager to help you keep track of unique and robust passwords at every site.