- A humongous data dump has been disclosed, containing account data of over 620 million accounts.
- Some of them were already known, but for most platforms, this is the first time a data leak is revealed.
- The seller of the database says it’s all about the money, and security is an illusion anyway.
The credentials of about 620 million accounts from 16 websites that were hacked during the past two years are currently for sale to stuffers and spammers. Each hacked platform has yielded a unique collection of data that can be separately sold to anyone interested, while the whole bundle costs approximately $20000 in Bitcoin. Some of the hacked websites had already informed their users of the data breaches since last year, while others have only realized it now, or opted to keep it secret until today. In all cases, people that had their accounts compromised are urged to immediately change their passwords used in the hacked and any other websites as well.
Here is a detailed list of the account credentials that are on sale right now:
- Dubsmash – 11 GB of data, 161.5 million accounts, $1975, user ID, hashed password, username, email address, country
- 500px – 1.5 GB of data, 14.9 million accounts, $780, username, email address, hashed password
- EyeEm – 1.7 GB of data, 22.4 million accounts, $1040, email address and hashed password
- 8fit – 1.9GB of data, 20.2 million accounts, $730, email address, hashed password, country, Facebook token, Facebook profile name, IP address
- Fotolog – 5.9 GB of data, 16 million accounts, $1870, email address, hash password, answers to security questions, full name
- Animoto – 2.1 GB of data, 25.4 million accounts, $1145, user ID, hashed password, email address, full name, date of birth
- MyHeritage – 3.6 GB, 92.3 million accounts, $1975, email address, hashed password, date of account creation
- MyFitnessPal – 3.5 GB, 150.6 million accounts, $1040, user ID, username, email address, hashed password, IP address
- Artsy – 184 MB of data, 1 million accounts, $100, email address, IP address, full name, location, hashed password
- Armor Games – 1.8 GB of data, 11 million accounts, $990, username, email address, hashed password, date of birth, location, gender
- Bookmate – 1.7 GB of data, 8 million accounts, $570, username, email address, hashed password, gender, date of birth
- CoffeeMeetsBagel – 673 MB of data, 6.2 million accounts, $470, full name, email address, age, registration date, gender, hashed password
- DataCamp – 82 MB of data, 700k accounts, $45, email address, hashed password, location
- HauteLook – 1.5 GB of data, 28 million accounts, $780, email address, hashed password, full name
- ShareThis – 2.7 GB of data, 41 million accounts, $780, full name, username, email address, hashed password, gender, date of birth
- Whitepages – 2.9 GB of data, 17.8 million accounts, $1560, email address, hashed password, full name
At least one person has already purchased the above data, and while the passwords are hashed with SHA256 in most cases, hackers nowadays won’t find it very hard to decrypt passwords hidden behind such obsolete hashing algorithms.
According to The Register, the seller of the above data dump claims that he has as many as 20 databases containing a billion accounts to dump online, while others will be kept secret for private use. As he/she stated: "I don't think I am deeply evil. I need the money. I need the leaks to be disclosed. Security is just an illusion. I started hacking a long time ago. I'm just a tool used by the system. We all know measures are taken to prevent cyber attacks, but with these upcoming dumps, I'll make hacking easier than ever."
Are you still not using a password manager? Let us know what your approach is against all these data dumps, and share your thoughts about security in general in the comments section below. Also, don’t forget that sharing is caring, so feel free to share this post through our socials on Facebook and Twitter.