A Pakistani cybercriminal going by Gnosticplayers has put up a 2nd batch of 127 million accounts from 8 popular websites on the Dark Web marketplace for illegal purchase.
This comes after the same hacker had released details of an earlier batch of about 620 million online accounts that were hacked from 16 popular websites and auctioned it for $20,000 in bitcoin.
The data released by the hacker contains names, emails, and passwords. In some cases, it also contained login data, but no financial account was included.
The hacker is asking the equivalent of $14,500 in bitcoin to be paid in order to get full access to the batch of accounts.
The Dark Web marketplace where this illegal auction is being held, Dream Market, has been up since November 2013. Its sole purpose is to offer anonymous support and sales to goods and services, ranging from child porn, banned drugs, and even illegal weapons.
The hacker claimed that most of the targeted companies probably had no idea that their user data had already been sold to cyber terrorists worldwide.
Gnosticplayers took out the collection of accounts after some time, to avoid too many buyers from losing control of the entire merchandise. The hacker boldly announced that all the listings have been removed to avoid them being bought too many times by buyers and then leaked. He assured that another batch of stolen accounts will be uploaded soon.
The stolen accounts from the eight websites include YouNow (40million), Stronghold Kingdoms (5million), Ixigo (18million), Ge.tt (1.83million), Coinmama (420,000), Houzz (57million), Roll20.net (4million) and PetFlow and Vbulletin forum (1.5million).
According to the hacker, PetFlow and Ixigo had used the outdated MD5 algorithm to scramble passwords which were quite easy to unscramble.
Houzz has confirmed the security breach, noting that the hack had compromised its users’ public information and internal account data.
Some of the aforementioned websites have begun to reset their users’ passwords, albeit it is highly recommended that you reset your password if you belong to any of them.