One million StreetEasy accounts for sale on dark web

The company did not realize that it had been hacked until it discovered its information on sale in dark web forums

StreetEasy recently confirmed the hacking and data breach of nearly one million user accounts on the platform. According to network security and ethical hacking specialists from the International Institute of Cyber Security, the stolen information is available for sale in various dark web forums.

According to reports, the company became aware of the attack last weekend, after discovering that a dark web user was offering the compromised information, said StreetEasy spokesperson Lauren Riefflin. According to the spokesperson, the leaked data include:

  • Users’ full names
  • Email addresses
  • Encrypted passwords

In a statement, StreetEasy added that, in addition to the aforementioned data, the hackers had access to the last four digits of affected users' payment cards, the card type, expiration dates and billing addresses, although the company clarified that most of these payment cards were expired. According to StreetEasy, this dataset dates from before 2016, so most of these records are out of date.

The company has not revealed details about how the hackers managed to access the compromised information, but says that the necessary steps have been taken to prevent additional attacks, such as resetting user passwords.

Network security experts believe this data theft may be linked to a recent campaign, carried out by a single hacker, of attacking various companies and then selling the stolen information in dark web forums.

StreetEasy is a real estate rental and purchase platform focused on the New York area. Spokespersons for Zillow, its parent company, have confirmed that the data breach has not affected its operations.

“We take the privacy and information security of all our clients very seriously. Our network security teams have undertaken a series of actions to strengthen our security and ensure our data safety against possible upcoming attacks,” the company’s statement concludes.