Pierluigi Paganini February 16, 2019

A new batch of 127 million records appears in the dark web, this time the huge trove of data appears to be originated from eight companies.

A hacker that goes online with the moniker ‘gnosticplayers‘ is offering for sale the data on the Dream Market marketplace asking $14,500 worth of Bitcoin.

Early this week, the same seller also listed another batch of 620 million accounts coming from other 16 breached websites including Dubsmash, Armor Games, 500px, Whitepages, and ShareThis.

Like the previous round, the latest 127 million records of stolen data have now been removed from the marketplace to avoid uncontrolled diffusion of the archive that were purchased by many buyers.

“All my listings have been removed, to avoid them being bought so many times and being leaked, as a respect for my buyers. But don’t worry, next round of breaches coming soon.” explained the seller in a message left on the black marketplace.

Below the list of companies whose records are included in the second collection offered for sale in the dark web by the seller gnosticplayers:

Ge.tt (1.56GB) (1.83 million accounts – BTC 0.1609 ($572)) – Exposed data includes name, password hash, Facebook ID, and referrer. Data were stolen in December 2017.

Ixigo (7.23GB) (18 million accounts – BTC 0.263 ($936)) – Exèposed data include passwords md5, full name, IP address, username, email addresses, and some passport numbers. Data were stolen in January 2019.

Roll20 (759 MB) (4 million accounts – BTC 0.0585 ($208)) – Exposed data include names, encrypted passwords, email addresses, and more.
Data were stolen in January 2019.

Houzz (7.9GB) (57 million accounts – BTC 2.927 ($10400)) – Exposed data include email addresses, passwords, name, and registration date.
Data were stolen in July 2018.

Coinmama (101MB) (486,297 accounts – BTC 0.351 ($1248)) – Exposed data include email addresses, passwords, and more.
Data were stolen in August 2017.

YouNow (1.3GB) (40 million accounts – BTC 0.1317 ($468)) – Exposed data include full names, IP addresses, email addresses, and social profiles.
Data were stolen in October 2017.

Stronghold Kingdoms (610MB) (5 million accounts – BTC 0.2927 ($1040) – Exposed data include full names, IP addresses, email addresses, and social profiles. Data were stolen in September 2018.

PetFlow (200MB) (1 million accounts – BTC 0.1769 ($634.4) – BTC 0.2927 ($1040) – Exposed data include full names, IP addresses, email addresses, and social profiles. Data were stolen in 2017.

Gnosticplayers in an exclusive conversation with HACKREAD claimed to be a Pakistani citizen, a hacktivist fighting to put a positive image of his country.

“The message is clear, the image the world has of Pakistan is unfair Whereas Pakistani people are the most wonderful people and did nothing wrong. They are persecuted all over the world and people tend to associate this with the whole country. this is false,” Gnosticplayers told HackRead.

The hackers already made available for sale 24 collections containing a total of 747 million stolen user credentials.

At the time of writing, only Coffee Meets Bagel, Coinmama, Houzz disclosed data breaches, while YouNow and
PetFlow claimed that they haven’t suffered a security breach.

Pierluigi Paganini

(SecurityAffairs – data breaches, dark web)

[adrotate banner=”5″] [adrotate banner=”13″]