Another instance of online accounts being stolen and sold on the Dark Web has now come to light. As many as 617 million accounts from 16 popular websites have been detected for sale on the Dream Market website available on the Tor network. Hackers get hold of this information for an equivalent of $20,000 in Bitcoin. The information available includes account names, email addresses and passwords and the only good news being that the passwords are in hashed state and those who buy these information will need to crack them before it being useful.
This haul of user information was first highlighted to The Register by the apparent seller, who then provided the website with sample records to prove the authenticity of this leak. The report notes that nearly 162 million Dubsmash accounts have been compromised while 151 million MyFitnessPal user accounts have also been affected. Other services hit by this data leak include 92 million users of MyHeritage, 41 million from ShareThis, 28 million from HauteLook, 25 million from Animoto, 22 million from EyeEm, 20 million from 8fit, 18 million from Whitepages, 16 million from Fotolog, 15 million from 500px, 11 million from Armor Games, 8 million from BookMate, 6 million from CoffeeMeetsBagel, 1 million users of Artsy and 7,00,000 accounts linked to DataCamp.
The victims of this data bump include dating sites, e-commerce stores, and gaming studios. The database was apparently put up for sale by a single hacker, says The Register, and the information is said to have been stolen in 2018. The hacker reportedly cracked security vulnerabilities within web apps in order to deploy remote-code execution, which allowed them to extract user account information from these sites.