Hackers Have Just Put 620 Million Accounts Up For Sale On The Dark Web — Are You On The List?
It is only the second month of the year, but it seems 2019 is already making its mark via breaches of “collections” of customer details. Only last month, the so-called Collection #1 breach saw more than a billion unique email address and password combinations posted to a hacking forum for anyone to see. Then emerged Collection 2-5 taking the total number of hacked user accounts published to a shocking 2.2 billion.
Now, in a new revelation, 617 million online account details stolen from 16 hacked websites are on sale from today on the dark web, the seller of the data trove has told the Register.
The details are available from the Dream Market cyber-souk located in the Tor network for the price of less than $20,000 in Bitcoin, the hacker told the tech site.
Hackers Have Just Put 620 Million Accounts Up For Sale On The Dark Web How serious is it?
It seems to be legit. The Register has seen sample account records from the multi-gigabyte databases. According to the tech site, they consist mainly of account holder names, email addresses, and passwords. But one silver lining: The exposed passwords are hashed. This means they can’t be used by criminals until they are cracked.
Other information compromised includes personal and location details. However, no bank information appears to be on the list.
As with similar collections, the details are earmarked for sale to attackers who wish to perform credential stuffing attacks. If they are able to crack some of the weaker passwords, this will see them throwing compromised user names and passwords at a number of big sites. The idea is to catch people out if they have been using the same password across a number of services.