620 Million Accounts Stolen from 16 Hacked Websites Now for Sale on Dark Web
For less than $20,000 in Bitcoin, the following stolen account information can be yours:
- Dubsmash: 162 million records
- MyFitnessPal: 151 million records
- MyHeritage: 92 million records
- ShareThis: 41 million records
- HauteLook: 28 million records
- Animoto: 25 million records
- EyeEm: 22 million records
- 8fit: 20 million records
- Whitepages: 18 million records
- Fotolog: 16 million records
- 500px: 15 million records
- Armor Games: 11 million records
- BookMate: 8 million records
- CoffeeMeetsBagel: 6 million records
- Artsy: 1 million records
- DataCamp: 700,000 records
According to The Register:
Sample account records from the multi-gigabyte databases seen by The Register appear to be legit: they consist mainly of account holder names, email addresses, and passwords. These passwords are hashed, or one-way encrypted, and must therefore be cracked before they can be used.
There are a few other bits of information, depending on the site, such as location, personal details, and social media authentication tokens. There appears to be no payment or bank card details in the sales listings.
Buyers identified for the stolen information include spammers and credential stuffers (stuffers will take usernames and passwords leaked from one site to log into accounts on other websites where the users have used the same credential).
MyHeritage, 500px, and EyeEm have all confirmed that the data breaches are real.
The responsible hackers have told The Register that have stolen roughly about a billion records since 2012