Some 617 million online accounts stolen from 16 websites are being sold on the Dark Web as of today. For less than $20.000 in Bitcoin, the following hacks fundamentals data can be purchased from the Dream Market online marketplace through the Tor network:
DubSmash (162 million), MyFitnessPal (151 million), MyHeritage (92 million), ShareThis (41 million), HauteLook (28 million), Animoto (25 million), EyeEm (22 million) 8fit (20 million), Whitepages (18 million), Fotolog (16 million), 500px (15 million), Armor Games (11 million), BookMate (8 million), CoffeeMeetsBagel (6 million) Artsy (1 million), and DataCamp (700.000).
The accounts according with the Register appear to be regular and consist mainly of names, e-mail addresses and passwords. Passwords are hashed or encrypted one way, so they should be broken before they can be used.
There are a few other elements as well, depending on the hacked websiteσελίδα where the data comes from, such as location, personal information and social media authentication tokens. No data is shown anywhere payments or bank cards.
Dark Web Who are the buyers?
This information is primarily intended for spammers. Others can still get user names and passwords to link to accounts on other sites where users have used the same credentials.
For example, someone who buys a database from the above pages could decode the weakest passwords in the list (the oldest codes may have been encrypted with the MD5 algorithm), and then try to connect to Gmail or Facebook accounts with the same codes.
All databases are currently being sold separately by a hacker who reports that he breached the websites using vulnerabilities web applications.
The vendor, believed to be outside the US, claims that some of the affected sites should be aware of the theft data in one way or another and repair their systems.