Fri. Feb 22nd, 2019

620 Million Accounts Are Up For Sale on the Dark Web–Are You On the List?

Faceless Computer Hacker

Account details stolen from 16 hacked websites are on sale today on the dark web. According to the data troves seller, for less than $20,000 in Bitcoin, the following databases can be purchased on the Dream Market cyber-souk, located in the Tor network:

  • Dubsmash (162 million details)
  • MyFitnessPal (151 million details)
  • MyHeritage (92 million details)
  • ShareThis (41 million details)
  • HauteLook (28 million details)
  • Animoto (25 million details)
  • EyeEm (22 million details)
  • 8fit (20 million details)
  • Whitepages (18 million details)
  • Fotolog (16 million details)
  • 500px (15 million details)
  • Armor Games (11 million details)
  • BookMate (8 million details)
  • CoffeeMeetsBagel (6 million details)
  • Artsy (1 million details)
  • DataCamp (700,000 details)

How serious is it?

It seems legit. The Register has seen sample account records from the multi-gigabyte databases. And, according to the tech site, they consist mainly of account holder names, email addresses, and passwords. But the one silver-lining: The exposed passwords are hashed, this means they can’t be used by criminals until they are cracked.

If attackers can crack some of the weaker passwords, the idea is to throw compromised usernames and passwords at a number of big sites and catch people who have been using the same password across a number of services.

What to do now?

Unfortunately, the security of people’s data often seems to come down to the company that is handling it – and this is not always top notch. Needless to say, if you are a user of any of these services, you need to change your password now. Also, if you use that password on more than one site, it needs to be changed on all of those too. You should also be using two-factor authentication where possible.