620 Million Stolen Accounts for Sale at $20,000 Bitcoin's Worth

Almost $20,000 worth of bitcoin is being requested by a hacker in exchange for 620 million user accounts that were stolen from 16 websites. At first, this was merely a claim but some of the attacked websites which were contacted confirmed that were hacked; reports The Register.

Unidentified Hacker Publicizes Stolen Accounts on Dark Web

Per the report, an unidentified person on February 11 publicized on Dream Market cyber-souk that they have 620 million online accounts for sale. The accounts were culled from 16 websites which include Dubsmash, Fotolog, MyFitnessPal, EyeEm, CoffeeMeetsBagel, and MyHeritage. Others are Armor Games, HauteLook, Animoto, BookMate, 8fit, Whitepages, 500px, Artsy, and DataCamp
According to the seller in the underworld marketplace, the database includes the user’s full name, hashed password, email, and other information such as their birthday. They also outlined that the platforms were hacked in 2018 and they have never reported of a security breach. As such, the chances that the login details have been changed is low.

Media Outlet Notifies Affected Websites

The media outlet, on the other hand, contacted some of the sites which were listed and most after reviewing their security confirmed that they had been hacked. 500px, for instance, stated that after an investigation was carried out by the site’s engineers, they detected a security breach. They added that the vulnerability has been identified and fixed, and so far, the issue has not reoccurred.
EyeEm, an online hangout for photographers was not also spared given that 22,360,765 accounts were stolen from its servers and offered for 0.289 BTC ($1,040). EyeEm, who was also notified by the media later informed its users. So far, all passwords on the platform have been reset.

Compromised User Accounts Could Affect Many Others

While these platforms have taken steps to protect their customers’ accounts, the harm may have already been done. In this case, some users are fond of using the same username, email, and password across multiple sites. As such, even if it is changed on one platform, it still leaves their Gmail, Facebook, and even accounts on cryptocurrency exchanges vulnerable.
That aside, the seller confided in The Register and said they have hacked billions of accounts since 2012. According to them, there currently 20 other databases which they can upload online. However, they have chosen to keep it for private use. Moreover, the aim of the data leak is to make life easier for hackers and make people take two-factor authentication serious.
The attacker also said:

I don’t think I am deeply evil…I need the money. I need the leaks to be disclosed.

Cyber attacks of this nature are not the first of its kind. Prominent among them is hacking into exchanges via SIM swap attack, and mining cryptocurrencies illegally on people’s computer. Even though law officials are on the tail of the actors behind these crimes, they are still on the rise.

Related posts
DeFiNewsNews 1SocialTrading View

Here’s why crypto-insurance markets have scope

When it comes to Bitcoin versus the state, crypto-enthusiasts are always looking for guidance via clear regulations. To their delight, at least in some cases, some regulatory progress has been made, pThe post Here’s why crypto-insurance markets have scope Story…
BitcoinBTC Trading ViewNewsNews 1Trading View

Man Group CEO questions rationale of holding Bitcoin on balance sheets

Almost every company that has invested in Bitcoin thinks the crypto-asset is an emerging store of value. One to offer a fresh perspective on the asset class, however, is CEO of Man Group Luke Ellis whThe post Man Group CEO…
BitcoinBTC Trading ViewNewsNews 1SocialTrading View

What does Bitcoin's Options price action mean for its near-term?

Bitcoin, at the time of writing, was trading well above $57,000 again. While that is some recovery from its drop below $47,000 a few weeks ago, what must not be forgotten is that Bitcoin’s recovery siThe post What does Bitcoin’s…