Posted on February 13, 2019 at 1:47 PM
2018 was one of the worst years for online security in the history of the internet, with every other week bringing new reports of large-scale attacks that managed to get away with millions of hacked accounts. The trend continues in 2019, and while only a month and a half of the year has passed, there were already several massive data dumps.
The first one, called Collection #1, published over a billion unique emails, as well as a massive collection of stolen passwords. Soon after that, the Collection 2-5 appeared, bringing the total number of affected accounts to 2.2 billion.
Now, a new data dump appeared on a dark web marketplace called Dream Market. The new data dump includes login credentials belonging to around 617 million hacked accounts, which is a collection gathered from 16 hacked websites. The collection was posted by an individual who goes by the name of ‘gnosticplayers,’ who joined the Dream Market on February 6th.
The hacker has since left a message, encouraging anyone searching for data to message them. The message also claims that the hacker can obtain data regarding cryptocurrencies, gaming, and even huge data sets. They claim to have huge reserves of fresh data, indicating that they likely have what the buyers might want. In order to receive the dump, the seller asks for a payment of $20,000 in Bitcoin (BTC).
Is the threat real?
So far, it appears that the offer is real, as some of the obtained samples seemingly belong to a multi-gigabyte collection. The stolen data seems to include names, location details, passwords, and email addresses, all of which are still hashed, meaning that the buyers cannot cause any real damage until the login credentials are cracked. Another good thing is that it appears that there is no bank or card information included.
However, this still doesn’t mean that the threat should be overlooked, especially since a lot of internet users still use a single login combination for multiple websites. If hackers manage to decrypt login credentials with weaker protection, they may still affect multiple user accounts, provided that they use the same information.
As mentioned, the data comes from 16 hacked websites, including Dubsmash, HauteLook, MyFitnessPal, ShareThis, My heritage, Animoto, 8fit, EyeEm, Whitepages, 500px, BookMate, Fotolog, Armor Games, Artsy, CoffeeMeetsBagel, and DataCamp.
The consequences of the dump and what to do next
According to security experts, a number of breached websites did not report that they were hacked, which indicates two potential scenarios — either they do not even know that they were breached, or they decided not to disclose it. Both possibilities are worrying, although the decision not to disclose the attacks might result in some serious fines.
In either case, researchers believe that the websites’ customers might have something to say as well since the awareness regarding online security grew considerably in light of recent attacks. If the websites cannot provide proper protection, their customers might end up migrating to services that can, as most of the security seems to depend on the company.
Due to a large number of stolen credentials, users of the listed websites are advised to change their passwords as soon as possible. They are also advised to start using different passwords on different websites, which is always a good rule, as it prevents all of the accounts from being compromised if one of them gets hacked.
The use of password managers is also advised, as it will make it easier for users to use different, difficult passwords without the need to remember them. Other than that, those who wish to check if they are affected by hacking attacks can do so by using the website called Have I Been Pwned? By typing their email address into the search field, users will receive information regarding all of the known attacks and data dumps where their email has been affected.