Hacker Steals 34 Million User Records from 17 Companies, Puts for Sale on Hacker Forum!
Data breaches continue to dominate headlines across the world. Despite the growing emphasis on data security, cybercriminals continue to find more advanced ways to breach security defenses and access critical enterprise data.
Recently, a malicious actor has stolen account databases containing an aggregate total of 34 million user records from seventeen companies.
Lately, on October 28, a data breach broker put the stolen user databases of the 17 companies on ‘Hacker Forum’ for sale. The caption read as “Selling exclusive private databases. These databases are fresh and have never been sold before. Limited sales.”
In conversation with BleepingComputer, the seller said they were acting as a broker for the databases and were not responsible for hacking into the seventeen companies.
When asked how the threat actor has gained access to the databases, the seller replied, “Not sure if he wants to disclose.”
The stolen databases for private sale on Hacker Forum will be typically sold at prices ranging from USD 500 to USD 100,000. After some time, the sellers will release the stolen databases for free in the forum to improve the hacker’s ‘street cred.’
List of Companies Experienced the Breach:
As per the details provided by the data breach broker, all of the databases being stolen from the seventeen companies were obtained in 2020.
Geekie.com.br experienced the largest breach, allowing the hacker to steal 8.1 million records. Singapore’s RedMart (1.1 million records) is the most popular company among the 17 affected companies.
The seller revealed that they are selling the RedMart database for USD 1,500.
However, only RedMart, Geekie, and Athletico, among all the 17 companies, have disclosed the data breach, while Wongnai.com informed BleepingComputer that they are investigating the breach.
“Thanks for your inquiry, we were aware of this incident, and our tech team has been investigating this matter,” Wongnai emailed BleepingComputer.
Company | Records Exposed | User Information Exposed |
Geekie.com.br | 8.1 million | Emails, usernames, names, DoB, gender, mobile numbers, Brazilian CPF numbers, hashed passwords, |
Clip.mx | 4.7 million | Email, phone number |
Wongnai.com | 4.3 million | Email, password md5, IP, Facebook and Twitter ID, names, birthdate, phone, zip |
Cermati.com | 2.9 million | Emails, Bcrypt password, name, address, phone, revenue, bank, tax and ID number, gender, job, company, mother’s maiden name |
Everything5pounds.com | 2.9 million | Emails, name, gender, phone number, hashed passwords |
Eatigo.com | 2.8 million | Email, name, phone, gender, password md5, Facebook ID, and token |
Katapult.com | 2.2 million | Email, password pbkdf2-sha256/unknown, name |
Wedmegood.com | 1.3 million | Email, password sha512, phone, Facebook ID |
RedMart | 1.1 million | Mails, mailing and billing addresses, SHA1 hashed passwords, full name, phone numbers, partial credit cards numbers |
Coupontools.com | 1 million | Email, password bcrypt, name, phone, gender, birthdate |
W3layouts.com | 789,000 | Email, country, city, state, phone, name, password bcrypt, IP |
Game24h.vn | 779,000 | Email, password md5, username, birthdate, name |
Invideo.io | 571,000 | Email, password bcrypt, name, phone |
Apps-builder.com | 386,000 | Email, password md5crypt, IP, name, country |
Fantasycruncher.com | 227,000 | Email, password bcrypt/sha1, username, IP |
Athletico.com.br | 162,000 | Email, password md5, name, CPF, birthdate |
Toddycafe.com | 129,000 | Email, password unknown, name, phone, address |
Do You Hold Any Account in These Websites?
If you have an account in one of these hacked websites, make sure to change your account password immediately, irrespective of any breach disclosure alert from the company.
In case you are using the same password for other sites, ensure to change those passwords too.
It is advised to use unique and robust passwords for every website, so any breach at one site will not affect you at the other websites you use.
More Articles:
- The 25 Biggest Data Breaches of 2020 | StealthLabs
- 83% Of Large-scale Enterprises Transformed Their Cybersecurity Due To Pandemic!
- Tips to Build an Effective Cyber Incident Response Plan
- 6 Steps to Build an Effective Cyber Incident Response Plan
- Privileged Access Management Services: Strategy and Benefits