Hacker puts up for sale third round of hacked databases on the Dark Web

[The AchieVer]

Hacker puts up for sale third round of hacked databases on the Dark Web

Hacker is selling 93 million user records from eight companies, including GfyCat.

 

A hacker going by the name of Gnosticplayers has put up for sale another set of hacked databases on a Dark Web marketplace.

This is the third round of hacked databases the hacker has published on the Dark Web marketplace known as Dream Market. He previously posted a batch of 16 databases containing the data of 620 million users and a second batch of eight databases with the data of 127 million users.

Today, the hacker published eight more hacked DBs containing data for 92.76 million users. The biggest name in today's batch is GfyCat, the famous GIF hosting and sharing platform. The hacker is selling each database individually on Dream Market. Together, all eight are worth 2.6249 bitcoin, which amounts to roughly $9,400.

In an interview with ZDNet on Friday, Gnosticplayers took credit for the hacks and denied being just an intermediary.

The hacker says he intends to sell over one billion user records and then disappear with the money. His current total stands at roughly 840 million records.

"My two main goals are: -money -downfall of American pigs," he told us.

New leaks are coming, including one from a cryptocurrency exchange, the hacker told ZDNet.

The eight companies whose data Gnosticplayers put up for sale today are listed below:

Company	DB size	Breach date	Price	Content
Legendas.tv (movie sharing service)	3.86 Mil	2017/10	฿0.35	username, password (cleartext), email, IP address
Jobandtalent (job portal)	11 Mil	2018/02	฿0.4669	id, email, SHA1 encrypted password, password salt, first name, surname, current IP address
Onebip (mobile payment platform)	2.6 Mil	2017/10	฿0.2626	user ID, name, email, password (cleartext), address, company info, phone number, PayPal info, banking info, login logs, API key, and other
StoryBird (storytelling service)	4 Mil	2015	฿0.2334	email, password (SHA256), username, other
StreetEasy (real estate)	1 Mil	2018/05	฿0.175	username, email, password hash (SHA1) and salt, other
GfyCat (GIF image hosting)	8 Mil	2018	฿0.35	username, password hash (SHA512), email, other
ClassPass (fitness service)	1.5 Mil	2018	฿0.204	email, password hash (SHA1), username, country, sex, full name
Pizap (online photo editor)	60.8 Mil	2018	฿0.583	Facebook user ID, password hash (SHA1 / not for all), email address, other

 

Image: ZDNet

None of the eight companies listed in Gnosticplayers' ad had previously disclosed a data breach. ZDNet has sent requests for comment to the eight companies. We will update the article with any information we get back. However, many of the companies whose data the hacker has put up for sale in the past week have already admitted to suffering security breaches, making very likely that the data he's selling today is also legitimate.

In addition, each listing was also accompanied with the following message:

George Duke-Cohan is a young and talented boy, instead of giving him a chance, the UK govt sends him to prison for three years.
Now, he's been told by the American government, that he faces 65 years for the offense he was already sentenced to three years in the UK. It means he will be judged twice ??
May this upcoming release of dumps serve as a reminder: 
When countries claim to respect their citizens, they have duty protect them. I wouldn't be surprised whether George Duke-Cohan ends his life, the UK gov already destroyed him and doing this is like sentencing him to death.
If he is not given a fair justice during the upcoming days, weeks, years, more data will be released....

George Duke-Cohan is a UK national who is part og the Apophis Squad hacking crew. He was arrested last summer and sentenced to three years in prison last December.

 

 

Source