The flow of stolen data on sale on the dark web doesn’t stop. The Gnosticplayers cybercrime hacker advertises a new batch of credentials coming from 8 companies.
The flow of stolen data on sale on the dark web doesn’t stop. After the well-known case of Collection #1, here comes the Gnosticplayers affair. It takes its name from a cybercrime hacker who disclosed the existence of some massive unreported data breaches in three rounds, the last of which was just published. The new set of databases contains millions of hacked accounts from several websites; like the previous ones, the malicious actor made it available for sale on Dream Market. According to Security Affairs, the first round was a batch of 620 million accounts coming from 16 breached websites, including Dubsmash, Armor Games, 500px, Whitepages, and ShareThis. A few days later, the second arrived: a new archive of 127 million records originating from eight companies whose cyber security was compromised. Then, on Sunday, he or she advertised the last group of credentials.
This batch of credentials is really dangerous. None of the companies involved was aware of the data breach of its systems. Their cyber security and that of their customers are at risk.
The latest Gnosticplayers batch of stolen data contains more than 92 million hacked users’ accounts from 8 new websites, including the GIF hosting platform Gfycat. According to The Hacker News, the 8 websites that suffered data breaches in this round are:

- Pizap (photo editor): 60 million
- Jobandtalent (online job portal): 11 million
- Gfycat (GIF hosting service): 8 million
- Storybird (online publishing platform): 4 million
- Legendas.tv (movie streaming site): 3.8 million
- Onebip (mobile payment service): 2.6 million
- Classpass (fitness and yoga center): 1.5 million
- Streeteasy (real estate): 990,000 (1 million)

As in previous rounds, the cybercrime hacker offers them for sale for a total of $9,700 worth of Bitcoin. Moreover, this archive could be very valuable to anyone who wants to use the stolen credentials to bypass the cyber security of the affected sites, because none of the companies involved was aware of the data breach of its systems.