Posted on March 18, 2019 at 2:13 PM
26.42 million company records stolen by a hacker last month have surfaced on the dark web, where the culprit is offering them for sale.
A notorious hacker known for selling user records has come back for a fourth round. According to the hacker’s advert, he has a total of 26.42 million records on sale for 1.2431 BTC (4.940). The data comes from 6 companies he hacked, stealing their users’ records. The hacker goes by the name Gnosticplayers, and he has successfully sold data from 32 companies since February.
From what we gathered, this hacker has sold more than 840 million records since February, and he releases them in “rounds.” He started with “round one” and is now in the fourth round. Yesterday, Gnosticplayers hit Dream Market with files from 6 new companies. The breached companies include GameSalad, a platform for developing games, and Estante Virtual, a book store in Brazil. Three others are Coubic, a task manager; LifeBear, a scheduling app; and Bukalapak, an e-commerce platform in Indonesia. The sixth company is YouthManual, a career site for students in Indonesia.
Yesterday, the hacker allegedly sent emails to the compromised companies. Note: the companies that suffered the same fate in previous rounds have confirmed the incidents. At present, five of the companies in round four have not responded; only Coubic has replied, saying that it is investigating the authenticity.
There is, however, a notable difference this time. Five of the companies lost their data to Gnosticplayers in February, so, unlike in the previous rounds, the breach of their databases is not a new incident. We can’t say for sure, but it seems the companies didn’t notice a one-month-old breach in their databases.
Gnosticplayers’ reasons for selling
According to the hacker, his reason for selling the data is that the companies didn’t use strong encryption such as bcrypt to protect user passwords. From the listing on Dream Market, you can see that the passwords are not that easy to crack. However, the point is that they are still vulnerable to attack by hackers.
The hacker also separated the details of each company according to the quantity of records. We could see the company names, the size of their databases, and the date of each breach. Gnosticplayers also stated what content he took from each of them and the price he wants.
The hacker chats with ZDNet
Chatting with ZDNet online, the hacker expressed his anger over the companies’ laxity in protecting records. In his view, people should have learned or improved their security systems.
In an earlier chat with ZDNet in February, Gnosticplayers stated that he would sell one billion user records, retire, and run away. Yesterday, however, he explained that he had changed his mind. The reason is that his competitors have broken the record before him.
Apart from revealing his plan, the hacker made another shocking revelation. He told ZDNet that the listing this time is not complete, since he had to remove some companies. According to him, those companies paid handsomely, and he indulged them by removing their data.
In his statement, Gnosticplayers claims that he reached an agreement with some of the companies he hacked. Based on this, he will not list those companies and will not sell their data. As a result, he has withheld some of the contents of his database.