Hundreds of millions of stolen accounts for sale in dark web forums

A vendor on the dark web offers these massive databases for less than $20k USD

According to network security specialists from the International Institute of Cyber Security, an unidentified user claims to hold the data of nearly 617 million accounts stolen from multiple online services and has put these huge databases up for sale on dark web forums.

Those interested in the stolen information can contact the user holding the databases through the Tor network. The seller has requested about $20k USD in Bitcoin in exchange for this trove of personal data.

Network security experts mention that the websites involved include:

  • Dubsmash: 162 million accounts for 0.217 Bitcoin ($780 USD)
  • MyFitnessPal: 151 million accounts for 0.289 Bitcoin ($1,040 USD)
  • MyHeritage: 92 million accounts for 0.549 Bitcoin ($1,976 USD)
  • ShareThis: 41 million accounts for 0.217 Bitcoin ($780 USD)
  • Animoto: 25 million accounts for 0.3185 Bitcoin ($1,144 USD)
  • Among others

The information provided by the seller seems to be reliable. The data stored in these databases includes the names of the holders of the compromised accounts, email addresses and passwords. The passwords cannot be used as they are, because they are encrypted or one-way encrypted (hashed). Apparently there are no bank details in these databases.

Who might be interested in this information?

The details of the compromised accounts could be useful to companies or individuals who send spam and to malicious users who carry out credential stuffing attacks.

If someone bought, for example, the 500px accounts, they could break into the accounts with weaker passwords, as some were hashed using the obsolete MD5 algorithm. If successful, attackers could use the user names and passwords obtained to try to log on to platforms like Facebook or Gmail and carry out other hacking activities.
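On the defensive side, a service that still stores unsalted MD5 password hashes can replace each one with a salted, slow hash the next time its owner logs in successfully. The sketch below is an added example, not code from any of the services named here; the storage format, the function names, the PBKDF2 work factor and the sample record are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re

PBKDF2_ITERATIONS = 600_000                 # assumed work factor for this sketch
LEGACY_MD5 = re.compile(r"[0-9a-f]{32}")    # unsalted MD5 stored as hex

def hash_password(password: str) -> str:
    """Salted PBKDF2-HMAC-SHA256 record: scheme$iterations$salt$digest."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"

def verify_and_upgrade(password: str, stored: str):
    """Return (ok, replacement); replacement is set when the record must be rewritten."""
    if LEGACY_MD5.fullmatch(stored):
        candidate = hashlib.md5(password.encode()).hexdigest()
        if not hmac.compare_digest(candidate, stored):
            return False, None
        return True, hash_password(password)     # migrate off MD5 immediately
    try:
        scheme, iters, salt_hex, dk_hex = stored.split("$")
        iters, salt, expected = int(iters), bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
    except ValueError:
        return False, None                       # unknown or corrupt record
    if scheme != "pbkdf2_sha256":
        return False, None
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iters)
    if not hmac.compare_digest(dk, expected):
        return False, None
    # Also re-hash records created with a lower work factor than the current one.
    return True, (hash_password(password) if iters < PBKDF2_ITERATIONS else None)

def login(db: dict, user: str, password: str) -> bool:
    """Check a login and persist the upgraded hash when one is produced."""
    stored = db.get(user)
    if stored is None:
        return False
    ok, replacement = verify_and_upgrade(password, stored)
    if ok and replacement:
        db[user] = replacement
    return ok

def count_legacy(db: dict) -> int:
    """Audit helper: how many records are still unsalted MD5."""
    return sum(1 for h in db.values() if LEGACY_MD5.fullmatch(h))

# Constructed sample record: one account still stored as unsalted MD5.
SAMPLE_DB = {"alice": hashlib.md5(b"summer2017").hexdigest()}
```

Accounts that never log in again keep their MD5 record, so `count_legacy` shows how many still need a forced reset.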

The vendor offers the databases separately, claiming to have obtained the compromised accounts by exploiting some vulnerability in web applications. The seller stated that it is not located in American territory and that it has already sold at least one copy of the Dubsmash database.

Network security specialists claim that the websites involved were victims of hacking. In the specific case of MyHeritage and MyFitnessPal, these services warned their users that they had been compromised in recent months. In some cases, the compromised sites appear to have decided not to report the data theft.

MyHeritage spokespersons confirmed that the leaked samples from their database are legitimate; in addition, the company estimates that the data theft occurred in October 2017, in a cyberattack that was not reported until 2018. 500px has also confirmed that its account data was stolen from its servers and put on sale this week on the dark web.