The flow of stolen data on sale on the dark web doesnât stop. The Gnosticplayers cybercrime hacker advertises a new batch of credentials coming from 8 companies
The flow of stolen data on sale on the dark web doesnât stop. After the well known case of the #Collection #1, here it comes the Gnosticplayers affair. It takes the name from a cybercrime hacker, who disclosed the existence of someÂ massive unreported data breachesÂ in three rounds. The last one, just published. The new set of databases contains millions of hacked accounts from several websites, like previous ones the malicious actor made available for sale on Dream Market. According to Security Affairs, the first one was a batch of 620 million accountsÂ coming from 16 breachedÂ websites includingÂ Dubsmash, Armor Games, 500px, Whitepages, and ShareThis. A few days later, the second arrived: a new archive of 127 million records originated from eight companies, whose cyber security was compromised. Then, sunday, he/her advertised the last group of credentials.
This batch of credentials is really dangerous. None of the companies involved was aware of the data breach of its systems. Their cyber security and that of customers is at risk
The Gnosticplayers ultimate batch of stolen data contains more than 92 million hacked usersâ accounts from 8 new websites, including the GIF hosting platform Gfycat. According to The Hacker News, in this round the 8 websites that suffered the data breaches are PizapÂ (Photo editor) â 60 million, JobandtalentÂ (Online job portal) â 11 million, GfycatÂ (GIF hosting service) â 8 million, StorybirdÂ (Online publishing platform) â 4 million, Legendas.tvÂ (Movie streaming site) â 3.8 million, OnebipÂ (Mobile payment service) â 2.6 million, ClasspassÂ (Fitness and Yoga center) â 1.5 million, and StreeteasyÂ (Real estate) â 990,000 (1 million). Like previous rounds, the cybercrime hacker offers them for sale for a total $9,700 worth of Bitcoin. Moreover, this archive could be really precious for who wants to use the stolen credential to bypass the cyber security of the affected sites. This, because none of the companies involved was aware of the data breach of its systems.