About 617 millions of online accounts stolen from 16 sites are being sold on the Dark Web today. For less than $ 20.000 in Bitcoin, the following breached databases can be purchased from the Dream Market online marketplace via the Tor Network:
DubSmash (162 million), MyFitnessPal (151 million), MyHeritage (92 million), ShareThis (41 million), HauteLook (28 million), Animoto (25 million), EyeEm (22 million) 8fit (20 million), Whitepages (18 million), Fotolog (16 million), 500px (15 million), Armor Games (11 million), BookMate (8 million), CoffeeMeetsBagel (6 million) Artsy (1 million), and DataCamp (700.000).
The accounts according with Register they appear to be normal and mostly consist of names, email addresses and passwords accesss. Passwords are hashed or one-way encrypted, so they must be cracked before they can be used.
There are some other elements, depending on the site's infringing data, such as location, personal information and social media authentication token. No payment or bank cards are displayed.
Dark Web Who are the buyers?
These information they are mainly aimed at spammers. Still others can take usernames and passwords to log into accounts on other websites where the users have used the same credentials.
For example, someone who buys a database from the above pages could decode the weakest passwords in the list (the oldest codes may have been encrypted with the MD5 algorithm), and then try to connect to Gmail or Facebook accounts with the same codes.
All databases are currently sold separately from a hacker who reports that he has infringed websites using web application vulnerabilities.
The vendor, believed to be outside the US, claims that some of the affected sites should be aware of the theft data in one way or another and repair their systems.