A Dark Web Data Broker Is Selling User Records Coming From 14 Companies

  • Someone is selling a big collection of data dumps deriving from recent hacks on 14 online platforms.
  • Four of them were already known, but the others are fresh, and the exposed users knew nothing about the risks.
  • The same seller is also listing older data breaches that spam campaigners may find useful.

A stolen data broker is offering millions of user records taken from data breaches that allegedly happened in 2020. The information is the result of exfiltrating the databases found in the compromised systems of 14 firms, four of which have already admitted a security incident in May, when "Shiny Hunters" put up their user details for sale on the dark web. The following table provides an overview of what has been put up for sale this time. It's important to clarify that the data broker is selling the below individually, setting the cost between $100 and $1,100.

Source: Bleeping Computer

As for what type of data is included in each offering, this depends on the database. In general, there are usernames, email addresses, hashed passwords, home addresses, full names, social media profiles, and phone numbers. The implications for the exposed individuals range from scams and phishing attempts, email- and SMS-based trickery to bypassing 2FA via SIM swapping attacks. Some platform listings aren't dealing with critical stuff, as they are about soccer streaming or food delivery services. Others, however, are more important as they contain data of people who registered on loan platforms.

Platform User Records Alleged Breach Date
DarkThrone 282,825 June 2020
Efun 2.2 million 2020
Fluke 353,321 June 2020
Footters 209,783 June 2020
HomeChef 8 million 2020
JamesDelivery 1.6 million March 2020
KitchHike 115,480 June 2020
KreditPlus 896,170 June 2020
Minted 4.3 million May 2020
Playwings 4.1 million April 2020
Revelo 1.1 million June 2020
Tokopedia 91 million April 2020
Yotepresto 1.4 million June 2020
Zoosk 29.1 million January 2020

In addition to the above, the same data broker is also selling older breaches like those of the Star Tribune, EpicGames, ZyngaPoker, ReverbNation, Wirecard, ClickFunnels, and more. The user information from these data breaches has already been exploited. Still, some value remains, most likely for those looking to distribute spam across millions of valid email addresses.

Source: Bleeping Computer

The ten firms who look like they suffered a security incident that they chose not to disclose haven't responded through any public announcements yet, which is unfortunately quite typical nowadays. Thus, people shouldn't expect to receive a warning from the platforms. If you have an account on the above websites, go ahead and reset your passwords, and do the same on any other online platform that you may be using the same credentials.

Right now, there are so many data breaches going on that it has gotten practically impossible for people even to keep up. Firms are exploiting the rate by which newer breaches steal the news headlines and the lack of concrete data protection laws that would compel them to disclose these incidents, so they are just playing deaf. That said, the user should act more responsibly in taking every precaution that would help secure your data.

How to Watch ‘The Fringe, Fame, and Me’ Online From Anywhere for FREE
The Fringe, Fame, and Me is a new documentary on the history of the Fringe Festival as it marks its 75th anniversary,...
How to Watch Love & Hip Hop: Atlanta Season 10B Online From Anywhere
The show that presents aspiring rap stars juggling their professional and personal lives is back with new episodes, and you will be...
How to Watch Darby and Joan Online From Anywhere
Darby and Joan is a bright, humorous, romantic mystery crime series set in stunning Australian locations, and we're excited to watch it...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari