A Dark Web Data Broker Is Selling User Records Coming From 14 Companies

  • Someone is selling a big collection of data dumps deriving from recent hacks on 14 online platforms.
  • Four of them were already known, but the others are fresh, and the exposed users knew nothing about the risks.
  • The same seller is also listing older data breaches that spam campaigners may find useful.

A stolen data broker is offering millions of user records taken from data breaches that allegedly happened in 2020. The information is the result of exfiltrating the databases found in the compromised systems of 14 firms, four of which have already admitted a security incident in May, when “Shiny Hunters” put up their user details for sale on the dark web. The following table provides an overview of what has been put up for sale this time. It’s important to clarify that the data broker is selling the below individually, setting the cost between $100 and $1,100.

kitchhike
Source: Bleeping Computer

As for what type of data is included in each offering, this depends on the database. In general, there are usernames, email addresses, hashed passwords, home addresses, full names, social media profiles, and phone numbers. The implications for the exposed individuals range from scams and phishing attempts, email- and SMS-based trickery to bypassing 2FA via SIM swapping attacks. Some platform listings aren’t dealing with critical stuff, as they are about soccer streaming or food delivery services. Others, however, are more important as they contain data of people who registered on loan platforms.

Platform User Records Alleged Breach Date
DarkThrone 282,825 June 2020
Efun 2.2 million 2020
Fluke 353,321 June 2020
Footters 209,783 June 2020
HomeChef 8 million 2020
JamesDelivery 1.6 million March 2020
KitchHike 115,480 June 2020
KreditPlus 896,170 June 2020
Minted 4.3 million May 2020
Playwings 4.1 million April 2020
Revelo 1.1 million June 2020
Tokopedia 91 million April 2020
Yotepresto 1.4 million June 2020
Zoosk 29.1 million January 2020

In addition to the above, the same data broker is also selling older breaches like those of the Star Tribune, EpicGames, ZyngaPoker, ReverbNation, Wirecard, ClickFunnels, and more. The user information from these data breaches has already been exploited. Still, some value remains, most likely for those looking to distribute spam across millions of valid email addresses.

fluke-table
Source: Bleeping Computer

The ten firms who look like they suffered a security incident that they chose not to disclose haven’t responded through any public announcements yet, which is unfortunately quite typical nowadays. Thus, people shouldn’t expect to receive a warning from the platforms. If you have an account on the above websites, go ahead and reset your passwords, and do the same on any other online platform that you may be using the same credentials.

Right now, there are so many data breaches going on that it has gotten practically impossible for people even to keep up. Firms are exploiting the rate by which newer breaches steal the news headlines and the lack of concrete data protection laws that would compel them to disclose these incidents, so they are just playing deaf. That said, the user should act more responsibly in taking every precaution that would help secure your data.

REVIEW OVERVIEW

Recent Articles

How to Watch ‘Christmas in Rockefeller Center’ Online: Live Stream Christmas Tree Lighting

The annual lighting of the tree in New York City's Rockefeller Center has certainly become a tradition across the United States. This...

Egregor’s Latest Press Release Is a Victim Intimidation Machine

Egregor warns victims that if they don’t make a contract with them, they’ll have to manage a constant cybersecurity and regulation threat.The...

Italians Fined Apple €10 Million for Misleading iPhone Waterproof Claims

AGCM has bashed Apple for making false claims about the underwater abilities of iPhones.The organization maintains that the tech giant based its...