Some 617 million online accounts stolen from 16 websites are being sold on the Dark Web as of today. For less than $20.000 in Bitcoin, the following hacked bases data can be purchased from the online Dream Market, via the Tor network:
DubSmash (162 million), MyFitnessPal (151 million), MyHeritage (92 million), ShareThis (41 million), HauteLook (28 million), Animoto (25 million), EyeEm (22 million) 8fit (20 million), Whitepages (18 million), Fotolog (16 million), 500px (15 million), Armor Games (11 million), BookMate (8 million), CoffeeMeetsBagel (6 million) Artsy (1 million), and DataCamp (700.000).
The accounts according with Register they appear to be normal and mainly consist of names, email addresses and passwords. The passwords they are hashed or one-way encrypted, so they must be cracked before they can be used.
There are also some other details, depending on the hacked website the data comes from, such as location, personal information and social media authentication token. No payment or banking data is displayed anywhere cards.
Dark Web Who are the buyers?
This information is primarily intended for spammers. Others can still get user names and passwords to link to accounts on other sites where users have used the same credentials.
For example, someone who buys a database from the above pages could decode the weakest passwords in the list (the oldest codes may have been encrypted with the MD5 algorithm), and then try to connect to Gmail or Facebook accounts with the same codes.
All databases are currently sold separately from a hacker who reports that he has infringed websites using web application vulnerabilities.
The vendor, believed to be outside the US, claims that some of the affected sites should be aware of the theft data in one way or another and repair their systems.