The data reportedly stems from 16 separate data breaches and is hosted on Dream Market, an illegal marketplace on the dark web.
Go from OpenAPI-to-GraphQL in 2 minutes
Create GraphQL interfaces in minutes and build mobile or client apps quicker. Leverage free, open source IBM Code Patterns.
Click here to know more
Over 617 million hacked accounts have been put up on sale on the dark web. The data reportedly stems from 16 separate data breaches and is hosted on Dream Market, an illegal marketplace on the dark web. The user data apparently comes from hacked websites that include MyHeritage, Dubsmash, Animoto, MyFitnessPal and more.
While most of the websites named by the seller have reported data breaches in the past, websites like 500px, a photography network had not reported any security breach previously. While it depends from one breach to another, stolen data usually comprises of email, passwords, location and other personal details.
The listing of the data was first discovered by Register. According to the report, the data breaches are listed individually in the marketplace, all by the same vendor. The seller joined Dream Market on February 6 and goes by the alias “gnosticplayers”. He even has a five star rating, although that comes from a single buyer.
The profile of the seller states, “Feel free to message me here on Dream Market to tell me what kind of data you’re searching (crypto, gaming, or huge data sets) and I will list it here for sale right after.”
Furthermore the seller writes, “Since I have a huge reserve of fresh data, I probably have what you need. If the data does not correspond to what the breach information specifies, do an escrow dispute. However, carefully read the listing of what you’ll receive because if you purchase it you agree to receive the specified data.”
This is not the first time breached data has found itself on the dark web marketplaces, available for sale. However, the scale of such a breach might result in a big change in public sentiment towards internet security. Many of the breached data are from websites that never disclosed getting hacked. This could be a violation of GDPR rules in the EU and the companies may be subject to heavy fines.
The breach also seems preventable. The hacker stated they simply exploited existing vulnerabilities in web apps and websites, which are easy to fix. Despite that, the brunt of the breach will be borne by the people whose data has been compromised.
You can check whether your email address have been compromised by heading over to Have I Been Pwned website which collates major data breaches.
Digit caters to the largest community of tech buyers, users and enthusiasts in India. The all new Digit in continues the legacy of Thinkdigit.com as one of the largest portals in India committed to technology users and buyers. Digit is also one of the most trusted names when it comes to technology reviews and buying advice and is home to the Digit Test Lab, India's most proficient center for testing and reviewing technology products.
We are about leadership-the 9.9 kind! Building a leading media company out of India.And,grooming new leaders for this promising industry.