- Gnosticplayers puts the fourth batch up for sale on the dark web, with 26 million accounts deriving from six data breaches.
- Each of the website sub-batch of account credentials is sold for around $5000, and the hacker says the victims are unaware of any breach.
- Users of the affected websites are urged to change their passwords and activate 2FA immediately.
The hacker who goes by the name “Gnosticplayers” has returned to the ordinary notorious dark web marketplaces (like Dream Market) for a new round of selling account credentials. This time, the batch contains the details of 26 million accounts, deriving from the breaching of six websites who have not clarified whether they have been subject to a security breach in their systems or not. That said, the users who had their accounts compromised could have already received a warning message (notice of breach) in the previous months resulting in the changing of their password and other login details, or they may not have heard the sad news until now.
This is the fourth batch that Gnosticplayers puts up for sale on the dark web, with the previous sale taking place on February, and concerning 93 million user records from eight data breaches. The six breaches that comprise this new batch are the following:
- Youthmanual – 1.12 million accounts
- GameSalad – 1.5 million accounts
- Bukalapak – 13 million accounts
- Lifebear – 3.86 million accounts
- EstanteVirtual – 5.45 million accounts
- Coubic – 1.5 million accounts
Each of the above is sold for 1.2431 Bitcoin, which is the equivalent of approximately $5000. Some of the above websites are online marketplaces, while others are scheduling and learning platforms, so there’s a mix of personal information and payment information in there, and malicious actors may pick what they want individually. If you have created an account on one of the above websites, it is recommended to immediately change your password and enable two-factor authentication if available, while those who like to use the same password across multiple platforms must change it on all now, otherwise they’ll run the risk of falling victims to credential stuffing attacks.
According to “The Hacker News”, who claim to have communication with Gnosticplayers, this fourth batch will be the last one from this hacker for now. According to the same sources, the hacker believes that the six websites that are affected by this account sale have probably not even realized that they were compromised in the past, but this may be just a false claim helping the hacker raise the value of the material that is for sale.
Are you a user of any of the affected websites? Have you received a breach notice at any point of time in the recent past? Let us know of the details in the comments section below, and don’t forget that you have the power to help us spread the word by sharing this post through our socials, on Facebook and Twitter.