Reports of data breaches and millions of records being stolen are rather common today. The truth, however, is that in addition to these reported data breaches, there are lots of breaches that go unreported. Some studies point out that over 50 percent of all data breaches do go unreported.
Now, here comes another news pertaining to such unreported breaches. Millions of accounts and user databases from unreported breaches are reportedly up for sale.
Yes, a hacker, as per reports, has now started selling stolen databases (from unreported breaches) publicly. The hacker, who goes by the online alias Gnosticplayers, has reportedly made available for sale on the dark web, a set of databases that contain over 90 million hacked accounts from several websites.
The Hacker News, in a report dated February 18, 2019, reveals that Gnosticplayers had already put up two rounds of stolen accounts for sale and this set, comprising accounts stolen from 8 websites, is his third round.
The report explains- “Gnosticplayers last week made two rounds of stolen accounts up for sale on the popular dark web marketplace called Dream Market, posting details of nearly 620 million accounts stolen from 16 popular websites in the first round and 127 million records originating from 8 other sites in the second.”
It adds, “The third round, which the hacker told The Hacker News would be his last round, published Sunday contained more than 92 million hacked users’ accounts stolen from 8 websites, including the popular GIF hosting platform Gfycat.”
The eight websites from which the records have been stolen, as per the report, are- online job portal Jobandtalent, photo editor Pizap, Online publishing platform Storybird, GIF hosting service Gfycat, movie streaming website Legendas.tv, mobile payment service Onebip, fitness and yoga center Classpass and real estate portal Streeteasy. Gnosticplayers, who has reportedly revealed that none of these services are aware of a data breach on its network, would be selling the stolen data for a total worth 2.6249 Bitcoin (roughly $9,700).
Regarding the genuineness of the claim made by the hacker, The Hacker News report observes, “Since the majority of compromised services listed in the first and second batches have confirmed the previously-unreported or undetected data breaches, it’s likely that the new round of stolen accounts being sold on the underground market is also legit.”
Gnosticplayers has already removed the first and second collections of data from Dream Market (except some database from interior designing service Houzz).
Well, now that news of these breaches and the consequent sale of data has come out, the best thing that users of any of these 8 websites could do is to change their passwords.