Home Cyber Crime A threat actor is selling databases stolen from 14 companiesSecurity Affairs

A threat actor is selling databases stolen from 14 companiesSecurity Affairs

by Pierluigi Paganini

A threat actor is selling databases containing data belonging to 14 different companies he claimed were hacked in 2020.

A threat actor is selling databases that contain user records for 14 different organizations he claimed were hacked in 2020, only for four of them (HomeChef, Minted, Tokopedia, and Zoosk) were previously reported data breaches.

The list of companies allegedly hacked include food delivery services, soccer streaming services, fashion and game sites, and loans.

The databases contain a total of 132,957,579 user records.

The databases are available for sale on multiple hacker forums, the all includes usernames and hashed passwords.

According to BleepingComputer, the prices for the databases can be as low as $100, while some databases available for sale go for $1,100.

“From samples of user records seen by BleepingComputer, the data breaches look legitimate, but they have not been confirmed directly by the companies.” reported BleepingComputer.

Below the list of database offered for sale by the threat actor.

Company # of records Alleged Breach Date
DarkThrone 282,825 June 2020
Efun 2.2 million 2020
Fluke 353,321 June 2020
Footters 209,783 June 2020
HomeChef 8 million 2020
JamesDelivery 1.6 million March 2020
KitchHike 115,480 June 2020
KreditPlus 896,170 June 2020
Minted 4.3 million May 2020
Playwings 4.1 million April 2020
Revelo 1.1 million June 2020
Tokopedia 91 million April 2020
Yotepresto 1.4 million June 2020
Zoosk 29.1 million January 2020

Users of the above websites are recommended to change their passwords on the breached site and on any other site where they used the same credentials.

The availability of this data online poses a serious risk to the users that could be targeted with credential stuffing attacks.

The same threat actor is also selling databases from older breaches including EpicGames, Star Tribune, ZyngaPoker, and Wirecard.

Pierluigi Paganini

(SecurityAffairs – hacking, data breaches)

Source link

Related Articles

Leave a Comment

This website uses cookies to improve your experience. We will assume you are ok with this, but you can opt-out if you wish. Accept Read More

%d bloggers like this: