“Some 617 million online account details stolen from 16 hacked websites are on sale from today on the dark web, according to the data trove’s seller.,” Chris Williams reports for The Register. “For less than $20,000 in Bitcoin, it is claimed, the following pilfered account databases can be purchased from the Dream Market cyber-souk, located in the Tor network: Dubsmash (162 million), MyFitnessPal (151 million), MyHeritage (92 million), ShareThis (41 million), HauteLook (28 million), Animoto (25 million), EyeEm (22 million), 8fit (20 million), Whitepages (18 million), Fotolog (16 million), 500px (15 million), Armor Games (11 million), BookMate (8 million), CoffeeMeetsBagel (6 million), Artsy (1 million), and DataCamp (700,000).”
“Sample account records from the multi-gigabyte databases seen by The Register appear to be legit: they consist mainly of account holder names, email addresses, and passwords,” Williams reports. “These passwords are hashed, or one-way encrypted, and must therefore be cracked before they can be used.”
“There are a few other bits of information, depending on the site, such as location, personal details, and social media authentication tokens. There appears to be no payment or bank card details in the sales listings,” Williams reports. “These silos of purportedly purloined information are aimed at spammers and credential stuffers, which is why copies are relatively cheap to buy. The stuffers will take usernames and passwords leaked from one site to log into accounts on other websites where the users have used the same credentials.”
Much more in the full article here.
MacDailyNews Note: As always, employ strong, unique passwords for every service and use multi-step verification wherever possible.
Hackers expose 773 million email addresses and 21 million passwords, check yours here – January 17, 2019
Beleaguered Yahoo faces U.S. SEC probe over data breaches – January 23, 2017
Yahoo discloses ‘largest hack of all time,’ says hackers stole data from over one billion users – December 15, 2016