About 617 millions of online accounts stolen from 16 sites are being sold on the Dark Web today. For less than $ 20.000 in Bitcoin, the following breached databases can be purchased from the Dream Market online marketplace via the Tor Network:
DubSmash (162 million), MyFitnessPal (151 million), MyHeritage (92 million), ShareThis (41 million), HauteLook (28 million), Animoto (25 million), EyeEm (22 million) 8fit (20 million), Whitepages (18 million), Fotolog (16 million), 500px (15 million), Armor Games (11 million), BookMate (8 million), CoffeeMeetsBagel (6 million) Artsy (1 million), and DataCamp (700.000).
The accounts according with the Register appear to be regular and consist mainly of names, e-mail addresses and passwords. Passwords are hashed or encrypted one way, so they should be broken before they can be used.
There are some other elements, depending on the site's infringing data, such as location, personal information and social media authentication token. No payment or bank cards are displayed.
Dark Web Who are the buyers?
This information is primarily intended for spammers. Others can still get user names and passwords to link to accounts on other sites where users have used the same credentials.
For example, someone who buys a database from the above pages could decode the weakest passwords in the list (the oldest codes may have been encrypted with the MD5 algorithm), and then try to connect to Gmail or Facebook accounts with the same codes.
All databases are currently sold separately from a hacker who reports that he has infringed websites using web application vulnerabilities.
The vendor, believed to be outside the US, claims that some of the affected sites should be aware of the theft data in one way or another and repair their systems.