Hacker who stole 620 million records strikes again, stealing 127 million more

A hacker who stole close to 620 million user records from 16 websites has stolen another 127 million records from eight more websites, TechCrunch has learned.
The hacker, whose listing was the previously disclosed data for about $20,000 in bitcoin on a dark web marketplace, stole the data last year from several major sites — some that had already been disclosed, like more than 151 million records from MyFitnessPal and 25 million records from Animoto. But several other hacked sites on the marketplace listing didn’t know or hadn’t disclosed yet — such as 500px and Coffee Meets Bagel.
The Register, which first reported the story, said the data included names, email addresses and scrambled passwords, and in some cases other login and account data — though no financial data was included.
Now the same hacker has eight additional marketplace entries after their original listings were pulled offline, including:

18 million records from travel booking site Ixigo

Live-video streaming site YouNow had 40 million records stolen

Houzz, which recently disclosed a data breach, is listed with 57 million records stolen had 1.8 million accounts stolen

450,000 records from cryptocurrency site Coinmama.

Roll20, a gaming site, had 4 million records listed

Stronghold Kingdoms, a multiplayer online game, had 5 million records listed

1 million records from pet care delivery service PetFlow

According to the hacker’s listings, Ixigo and PetFlow used the old and outdated MD5 hashing algorithm to scramble passwords, which these days is easy to unscramble. YouNow doesn’t store passwords, a spokesperson said.
In all, the hacker is selling the hacked data for about $14,500 in bitcoin.
Hacker who stole 620 million records strikes again, stealing 127 million more
The dark web marketplace listing for Houzz. (Image: TechCrunch)
See also:
Leave a comment
  • Latest
  • Read
  • Commented
Calendar Content
«    Сентябрь 2020    »