Around 12million account credentials from 11 separate cryptocurrency forums surfaced on the dark web for as low as $400. The vendor under the pseudonym ‘doubleflag’ claims the database includes records from 2011-2017 which includes names, email addresses, usernames, phone numbers, date of birth, location passwords and even IP addresses. The vendor has claimed that some of the passwords are in plain text.
The vendor is marketing the trove of stolen credentials as a “package” deal and any one can buy this leaked information from the dark web after paying 0.3817 BTCs. The package is said to include content from compromised cryptocurrency forums like BitcoinTalk, MtGox, Bitcoinsec, and BTC-E. Other leaked databases on sale include user information from Whois, Paddy Power, Experian, Brazzers, GTAGaming, Dota2, CDProjektRed, XHamster, and Lastfm. The publication also informs about the presence of datasets containing US voter records.
While some of these platforms are not functional anymore, the hacked data can still come in handy as many people tend to reuse the same credentials across multiple accounts. A hacker equipped with so much data can potentially reuse it on other platforms successfully.
The thriving dark web marketplaces are known for trading in stolen databases, each typically containing tens of thousands of hacked accounts. One can buy almost anything there, provided they know where to go and have enough cryptocurrency balance to pay for it. Over the past 12 months, massive leaks have ended up there – from Dropbox to MySpace.
There have been numerous reports of large-scale hacking incidents that went unnoticed for a while. Like in the case of Yahoo, the company didn’t realise that the security has been compromised until a separate incident led the cyber security experts to a previously undetected incident. Other prominent platforms that have been targeted by hackers in the past include LinkedIn and even Google accounts.
One service named in the batch, BitcoinTalk.org, was hacked back in May 2015. When the batch emerged a year later it was selling for one Bitcoin, or £480 ($600). It contained over 500,000 accounts consisting of names, emails, passwords and more.
These incidents keep reminding internet users about the importance of security and best practices when it comes to online activities. It is advisable to change passwords frequently and to use a mix of complex characters instead of easily deducible words.