Over 90 million of stolen accounts for sale on dark web

A hacker offers personal details of users of some sites in exchange for Bitcoin transfers

A hacker active on dark web known as “Gnosticplayers” has become relevant recently due to the high profile data breaches he has carried out. According to network security and ethical hacking from the International Institute of Cyber Security, the hacker was selling more than 100 million of stolen accounts from various platforms a few days ago and now has revealed a new list of compromised websites.

This time, the hacker claims to have 92 million stolen accounts of 8 different platforms; apparently, this time the hacker has accessed more sensitive personal details than just the users’ emails and passwords.

According to network security specialists, the sites involved are:

  • Legendas.tv: A popular Brazilian website that allows users to download subtitles for movies and TV shows
  • JobandTalent: A job search platform based in Spain
  • Onebip: A payment management service established in Italy (financial details could have been stolen from this site)
  • Storybird: A platform with tools for creating and illustrating stories, novels, etc.
  • StreetEasy: One of New York’s leading real estate markets
  • Gfycat: A popular GIF and short video hosting company
  • ClassPass: A monthly membership to go to any gym in any ClassPass establishment
  • PiZap: A popular photo editing website

Network security specialists report that Gnosticplayers main purpose is to protest against the arrest of George Duke-Cohan, a teenager who was recently accused of conducting a campaign of DDoS attacks against ProtonMail, in addition to some fake bomb threats.

Cohan was arrested by the United Kingdom’s National Crime Agency (NCA), and was also persecuted by the U.S. authorities. Although in the United Kingdom he had been sentenced to three years in prison, the United States has reported that the defendant faces a sentence of 65 years in prison.

Gnosticplayers published in dark web: “Duke-Cohan is a talented young man, but the British authorities have decided to send him to prison instead of giving him a second chance. Now, the American government says that the young man faces a sentence of 65 years for a crime for which he has been sentenced to three years in prison in the United Kingdom. Are you trying to judge him twice?”

The hacker concluded his message with a threat: “May this data breaches from these sites serve as a warning; if a fair process is not guaranteed for George Duke-Cohan, over the next few days, weeks, even years, more data will be published from other compromised websites”.   

All the users of the compromised sites can do for now is to change their email passwords and the affected platforms, in addition to monitoring their bank reports in search of any indication of unauthorized activity. Setting security controls for your social network accounts (such as multi-factor authentication) is also recommended.