A threat actor is selling twenty-nine databases on a hacker forum that allegedly contains a combined total of 550 million stolen user records.
The actor began selling these databases on May 7th, when they posted them on a well-known hacker where threat actors can buy each one individually.
According to cyber intelligence firm Cyble, none of these data breaches appear to be new, with the oldest being from 2012 and the latest from last month
The sheer volume of user accounts for sale is concerning as the information exposed could be used to perform large-scale credential stuffing or targeted phishing attacks
In addition to the combined total of 550 million user records, a database of 47.1 million phone numbers that were part of a 2018 Dubsmash data breach is being sold as well.
Below are the various databases that were put up for sale and how many records each allegedly contains.
|Company||Amount||Data Breach Date|
|Evite.com||101 million||March 2019|
|Tokopedia.com||91 million||April 2020|
|piZap.com||60.9 million||April 2018|
|Netlog.com (Twoo.com)||57 million||November 2012|
|Dubsmash.com Phone numbers||47.1 million||December 2018|
|Shein.com||42 million||June 2018|
|Fotolog.com||33.5 million||December 2018|
|CafePress.com||23.6 million||February 2019|
|Wanelo.com Customers||23.2 million||December 2018|
|OMGPop.com||21.4 million||August 2019|
|SinglesNet.com||16.3 million||September 2012|
|Bukalapak.com||13 million||February 2018|
|Bookmate.com||8 million||July 2018|
|ReverbNation.com||7.9 million||January 2014|
|EatStreet.com||6.4 million||May 2019|
|CoffeeMeetsBagel.com||6.2 million||May 2018|
|Storybird.com||4 million||December 2018|
|Minube.net||3.2 million||May 2019|
|Sephora.com||3.2 million||January 2017|
|CafeMom.com||2.6 million||April 2014|
|Coubic.com||2.6 million||March 2019|
|Roadtrippers.com||2.5 million||May 2019|
|DailyBooth.com||1.6 million||April 2014|
|ClassPass.com||1.6 million||October 2017|
|ModaOperandi.com||1.3 million||April 2019|
|Rencanamu.id (Youthmanual.com)||1.1 million||January 2019|
|StreetEasy.com||1 million||May 2018|
|Yanolja.com||1 million||March 2019|
For many of the databases being sold, they include millions of already cracked passwords, which will make a purchaser's job much easier when buying them for credential stuffing attacks
For many of the databases being sold, they include millions of already cracked passwords, which will make a purchaser's job much easier when buying them for credential stuffing attacks.
If you have an account at any of the above-breached sites and have not changed it since the breach date, it is strongly suggested that you change your password to be safe.
If you do not know when you last set your password, change it to be safe.
You can also see if your email was part of these breaches by checking at Cyble's amibreached.com data breach lookup service.
The post "Hacker selling 550 million stolen user records on hacking forum" was first posted on infosecurity magazine, written by Lawrence Abrams