Earlier this week, this site reported an individual who was selling 620 million user records he claimed had stolen from 16 companies. It now appears that this individual has placed a further 127 million user records on The Dark Web for sale. The records originate from a further eight companies, see original report HERE.
Affected Companies
The companies from this second batch where accounts have been hacked are as follow:
- Ge.tt – 183 million
- Ixigo – 18 million
- Roll20.bet – 4 million
- Houzz – 57 million
- Coinmama – 420,000
- Younow – 40 million
- StrongHoldKingdoms – 5 million
- Petflow – 1 million
These records are currently for sale on the marketplace Dream Market where crooks buy and sell a variety of illegal products from user data to drugs and weapons.
Of this new batch of companies, Houzz reported last week that they had been the victim of a data breach. The other seven companies have not released any public statements regarding this data so far.
Hacker Selling Data
The person selling the data goes by the name of Gnosticplayers. It is unclear if he is directly involved in stealing the data from there 24 companies, though he has claimed to have hacked the sites previously.
When TechCrunch first reported this new batch of hacked accounts, Gnosticplayers was asking for about four bitcoin, which is roughly $14,500 in flat currency. Prices vary for each batch depending on the quality of the user data and how difficult it is to crack the password hashes.
Many companies from the previous batch including Animoto, MyFitnessPal and MyHeritage have disclosed breaches in the past year. This suggests that the hackers claim that this is real data could be true.
The latest 16 databases have now been taken off the market place and are no longer for sale. The individual involved, Gnosticplayers said he took them down after buyers complained that a prolonged sale would lead to some of these databases leaking online and becoming available to everyone.