AlphaBay is considered the largest trading marketplace on the Dark Web, which makes the platform keenly interested in prevailing vulnerabilities and security flaws. Recently a hacker identified two very high-risk bugs and revealed that information in posts on Reddit. The hacker, who uses the alias Cipher0007, managed to steal 200,000 private messages from AlphaBay. These messages were exchanged between buyers/users and sellers.
ZDNet reported that Cipher0007 disclosed the vulnerabilities he found earlier this week, revealing on Reddit that these flaws can be used to steal many private messages on AlphaBay. He also compromised the website and took the first and last names of both sellers and buyers on AlphaBay, along with their addresses, nicknames and the tracking IDs of their orders. The messages were not protected by any PGP keys, which made it even easier for Cipher0007 to steal them in such large numbers.
AlphaBay posted an official statement on Pastebin in which it admitted the presence of those bugs and confirmed that Cipher0007 obtained nearly 218,000 messages. Note that none of those messages were older than 30 days, since the website's system automatically purges messages that are more than 30 days old.
Cipher0007 posted numerous screenshots to prove that he really managed to infiltrate AlphaBay and steal the private messages.
Cipher0007 also opened support tickets on AlphaBay to warn other trading posts on the Dark Web about the potentially dangerous security bugs and flaws that can expose the private identities of users. AlphaBay rewarded Cipher0007 for not selling these flaws or exposing the stolen data to the public. Cipher0007 then disclosed to the company the methods he used to exploit AlphaBay, and the developers at the trading platform finally managed to fix the flaws.
This is not the first time a Dark Web domain has been hacked. In 2015, Anonymous hackers defaced the official Tor website of the so-called Islamic State (Daesh, IS, previously ISIS/ISIL) terrorist group with a Viagra advertisement.