


Another 127 Million Records Have Gone On Sale On The Dark Web -- Here's What You Should Do



Just days after the news that 620 million accounts had gone on sale on the Dark Web, another trove of data has emerged. A new batch of 127 million records stolen from eight companies is now available on the Dark Web marketplace Dream Market, according to TechCrunch.

The data is being sold by the same person – or people – "gnosticplayers", with an asking price of $14,500 in bitcoin for this new collection. It’s obviously a smaller trove than the last one – hence the lower price – and it has now been removed. But that doesn’t mean people are safe: gnosticplayers also removed the first collection of accounts from the market, to avoid too many people buying the same trove.

At the same time, some of these breaches appear to be more serious than the last collection, first reported by The Register, which contained only hashed passwords that the buyer would need to crack before they could be used. If gnosticplayers is to be believed, plaintext passwords and passport numbers are among the details available in this latest trove.

What to do now

It’s easy to become accustomed to seeing data troves released online, but that doesn’t mean people should do nothing. If you haven’t tightened up your password security after reading my previous report, please do so now, including enabling two-factor authentication wherever possible.

In addition, read through the list of breached sites: some of these breaches aren’t publicly known and haven’t been confirmed by the companies involved, but if you use any of these services you should change your passwords to be safe.

The alleged contents of the eight collections

CoinMama.com (450,000 details including email addresses, passwords, and more)

Ge.tt (approximately 2 million details including name, password hash, Facebook ID)

Houzz.com (57 million details including email addresses, passwords, name, and registration date)

Ixigo.com (18 million details including MD5 password hashes, full name, IP address, username, email addresses, and some passport numbers)

Petflow.com (1.5 million details including email, username, password hash and salt)

Roll20.net (4 million details including names, crypted passwords, email addresses, and more)

StrongHoldKingdoms.com (5 million details including usernames, email addresses, passwords, salts, birthday and more)

Younow.com (over 40 million details including full names, IP addresses, email addresses, and social profiles)

What does this mean for security?

First there was the Collection #1 breach, which saw more than a billion unique email address and password combinations posted to a hacking forum for anyone to see. Then Collections #2-5 emerged, taking the total number of published hacked user accounts to a shocking 2.2 billion.

Jake Moore, a cybersecurity specialist at ESET, says he wouldn’t be surprised if a “Collection #6-10” emerges over the coming months. “It’s time to act now. We need to take a new approach to protecting our personal cybersecurity. Data breaches are becoming more frequent and until we change our direction, or even culture, this will continue to be a massive problem.”

One way of improving security is to use a password manager, which removes the need to remember the multiple complex passwords required to avoid falling victim. But as Moore says, sadly, far too few people use them. “Similarly, two factor authentication is another fundamental approach to improving our security, but people fail to set it up for a number of reasons,” he says. “Therefore, if their passwords are breached, their accounts are far too easily compromised.”

Corin Imai, senior security advisor at DomainTools, advises maintaining solid password hygiene. In other words: “No Word or Excel files named ‘passwords’ on your computer, not using the same passwords for multiple accounts and not choosing words that are variations of obvious personal information, such as your name or date of birth.

“Users need to remember that even the seemingly irrelevant information contained in accounts on websites they might not even remember signing up for can be extremely valuable to cybercriminals.”

She also points out that many of the passwords being sold on the Dark Web have been harvested in breaches that happened over the course of a few years. “Therefore, simply changing passwords regularly can protect users’ accounts from an attack.”

It is unfortunate but true: as breaches increase, we all need to take a proactive approach to securing our own information. People need to remain vigilant and continue to use trusted sites such as HaveIBeenPwned to check whether their details have been caught up in any of the latest data dumps.
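The HaveIBeenPwned check recommended above can be done for passwords without ever sending the password, or even its full hash, to the service. HIBP's Pwned Passwords API uses a k-anonymity scheme: the client hashes the password with SHA-1, sends only the first five hex characters of the hash, receives every known hash suffix in that range, and matches the remaining 35 characters locally. The following is an added example, not code from the article or from HaveIBeenPwned; the range response it uses offline is a constructed stand-in (the suffix for "password" is the real remainder of its SHA-1, but the breach counts and the other suffixes are made up), and the `fetch_range_online` helper is an assumed wrapper around the real `api.pwnedpasswords.com/range/` endpoint that is never called at import time.

```python
import hashlib
import urllib.request

# Constructed offline stand-in for the Pwned Passwords range API. It maps a
# 5-hex-char SHA-1 prefix to the body the service would return: one
# "SUFFIX:COUNT" line per known hash in that range. "5BAA6" is the real prefix
# of SHA-1("password") and the middle suffix is its real remainder; the counts
# and the other two suffixes are constructed for this example.
SAMPLE_RANGES = {
    "5BAA6": (
        "0123456789ABCDEF0123456789ABCDEF012:3\r\n"
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471\r\n"
        "FEDCBA9876543210FEDCBA9876543210FED:12\r\n"
    ),
}

PREFIX_LEN = 5  # the API is keyed on the first five hex characters


def sha1_hex_upper(password: str) -> str:
    """SHA-1 of the UTF-8 password as upper-case hex, the form HIBP keys on."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(full_hash: str) -> tuple[str, str]:
    """Split a 40-char hex digest into the 5-char prefix sent to the service
    and the 35-char suffix that stays on the client."""
    return full_hash[:PREFIX_LEN], full_hash[PREFIX_LEN:]


def parse_range_response(text: str) -> dict[str, int]:
    """Parse "SUFFIX:COUNT" lines into {suffix: count}; blank lines are skipped."""
    counts: dict[str, int] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def fetch_range_offline(prefix: str) -> str:
    """Offline fetcher backed by the constructed SAMPLE_RANGES table."""
    return SAMPLE_RANGES.get(prefix, "")


def fetch_range_online(prefix: str, timeout: int = 10) -> str:
    """Assumed live fetcher for the real k-anonymity endpoint (not called here).
    Only the 5-char prefix leaves the machine."""
    url = f"https://api.pwnedpasswords.com/range/{prefix}"
    req = urllib.request.Request(url, headers={"User-Agent": "breach-check-example"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def pwned_count(password: str, fetch_range=fetch_range_offline) -> int:
    """Return how many times the password appears in the range data, or 0.

    The full hash is never transmitted: the suffix comparison is done locally
    against every suffix the service returned for the shared prefix.
    """
    prefix, suffix = split_hash(sha1_hex_upper(password))
    counts = parse_range_response(fetch_range(prefix))
    return counts.get(suffix, 0)


def audit_passwords(candidates: list[str], fetch_range=fetch_range_offline) -> dict[str, int]:
    """Check several candidate passwords and report the ones seen in breaches."""
    return {pw: n for pw in candidates if (n := pwned_count(pw, fetch_range)) > 0}


if __name__ == "__main__":
    for pw in ["password", "correct horse battery staple example 2019"]:
        n = pwned_count(pw)
        verdict = f"seen {n} times, change it" if n else "not in the sample range data"
        print(f"{pw!r}: {verdict}")
```

A password that comes back with a non-zero count is one that attackers already hold in a cracked list, so it should be changed everywhere it was reused regardless of which site leaked it. To run against the live service, pass `fetch_range=fetch_range_online`; the privacy property is the same either way, since only the five-character prefix is ever sent.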

But at the same time, there’s no need to panic: gnosticplayers says its next round of breaches is “coming soon”, but cybercriminals love drama and it could be an empty threat. Just focus on tightening up your own security, and don’t give your details out to anyone unless it’s absolutely necessary.