A Dark Web Data Broker Is Selling User Records Coming From 14 Companies

  • Someone is selling a big collection of data dumps deriving from recent hacks on 14 online platforms.
  • Four of them were already known, but the others are fresh, and the exposed users knew nothing about the risks.
  • The same seller is also listing older data breaches that spam campaigners may find useful.

A stolen data broker is offering millions of user records taken from data breaches that allegedly happened in 2020. The information is the result of exfiltrating the databases found in the compromised systems of 14 firms, four of which have already admitted a security incident in May, when “Shiny Hunters” put up their user details for sale on the dark web. The following table provides an overview of what has been put up for sale this time. It’s important to clarify that the data broker is selling the below individually, setting the cost between $100 and $1,100.

kitchhike
Source: Bleeping Computer

As for what type of data is included in each offering, this depends on the database. In general, there are usernames, email addresses, hashed passwords, home addresses, full names, social media profiles, and phone numbers. The implications for the exposed individuals range from scams and phishing attempts, email- and SMS-based trickery to bypassing 2FA via SIM swapping attacks. Some platform listings aren’t dealing with critical stuff, as they are about soccer streaming or food delivery services. Others, however, are more important as they contain data of people who registered on loan platforms.

Platform User Records Alleged Breach Date
DarkThrone 282,825 June 2020
Efun 2.2 million 2020
Fluke 353,321 June 2020
Footters 209,783 June 2020
HomeChef 8 million 2020
JamesDelivery 1.6 million March 2020
KitchHike 115,480 June 2020
KreditPlus 896,170 June 2020
Minted 4.3 million May 2020
Playwings 4.1 million April 2020
Revelo 1.1 million June 2020
Tokopedia 91 million April 2020
Yotepresto 1.4 million June 2020
Zoosk 29.1 million January 2020

In addition to the above, the same data broker is also selling older breaches like those of the Star Tribune, EpicGames, ZyngaPoker, ReverbNation, Wirecard, ClickFunnels, and more. The user information from these data breaches has already been exploited. Still, some value remains, most likely for those looking to distribute spam across millions of valid email addresses.

fluke-table
Source: Bleeping Computer

The ten firms who look like they suffered a security incident that they chose not to disclose haven’t responded through any public announcements yet, which is unfortunately quite typical nowadays. Thus, people shouldn’t expect to receive a warning from the platforms. If you have an account on the above websites, go ahead and reset your passwords, and do the same on any other online platform that you may be using the same credentials.

Right now, there are so many data breaches going on that it has gotten practically impossible for people even to keep up. Firms are exploiting the rate by which newer breaches steal the news headlines and the lack of concrete data protection laws that would compel them to disclose these incidents, so they are just playing deaf. That said, the user should act more responsibly in taking every precaution that would help secure your data.

REVIEW OVERVIEW

Recent Articles

What is Zero Trust Network Access (ZTNA) and Why Does it Matter?

Security is not something that's simply tacked on to an existing system. It's a fundamental aspect of that system's design. This is especially true...

How to Watch ‘CMA Best of Fest’ Live Online

We may not be able to attend concerts right now, but we can still enjoy some of our favorite music, especially when it comes...

5 Best VPN for Hong Kong in 2020 (Protect Yourself From The New National Security Law)

Without any doubt, Internet users in Hong Kong are in a very delicate situation right now. As you surely know, this previously independent territory...

How to Watch Quaker State 400 Online – Live Stream NASCAR Cup Series at Kentucky

We've got another NASCAR race on our hands, and the Quaker State 400 is just around the corner. We plan on watching the Quaker...

Seattle Police Booby-Trapped a File to Catch Ransomware Actor

An interesting method used by U.S. law enforcement authorities has been revealed. The FBI and the police use booby-trapped files that are...