Posted on July 13, 2020 at 5:43 PM
A hacker claimed he broke into the backend servers of a U.S. security firm and stole important data from the firm’s “data detection” service. The hacking group is acting in retaliation against the security outfit’s owner, who exposed their activities in a published book.
According to the hacker, the stolen information includes more than 8,200 databases containing details of billions of users retrieved from the “data detection” service of the affected firm.
The databases were collected from a data compromise monitoring service known as DataViper, which is managed by Vinny Troia, the security researcher who owns Night Lion Security, a U.S.-based cybersecurity company.
The kind of monitoring service the firm offers is very common among cyber-security companies. Such firms usually scan hacking forums, the dark web, and other places to retrieve details about companies whose data has been compromised online.
These companies collect “hacked databases” in private backends so that customers can search and monitor their employees’ data and find out when their credentials are compromised online. This enables the companies to prevent any data compromise and to be better prepared in case there is any attempt on the employees’ systems.
Earlier, the NightLion hacking group sent emails to dozens of cyber-security reporters about their data breach. The emails contained links to a dark web site where details about the hack were published.
The website contains an electronic magazine (e-zine) which details the infiltration of the backend servers of DataViper. According to the hackers, they had been infiltrating the DataViper servers for three months without leaving any trace of their activities.
8,225 databases stolen
According to the hacking group, the actual number of stolen databases is 8,225, all of which Troia indexed inside the DataViper service. The e-zine also contained evidence that the hackers had access to the DataViper backend and a list of 282 downloadable JSON documents with samples from the stolen data.
Additionally, the hacker put up 50 of the largest stolen databases for sale on the Empire dark web marketplace, where stolen databases are sold.
However, the majority of the more than 8,200 databases contained information stolen in old data breaches that occurred some years back, so the data had already been exposed online. The collection also contains some new databases that have not been disclosed to the public before.
Hacker only breached a test server
While Night Lion Security stated that the hackers were not able to breach the main DataViper servers, the hacking group insisted that the hacking attempt was successful and that more details would be published soon. The security team at DataViper pointed out that the hackers were only able to breach a test server.
Troia reiterated that the hackers may be selling a previously stored database rather than any information they got from the company.
He said the data had been online for many years, which shows it was obtained from the hackers’ servers or the servers of their affiliates, and not from DataViper.
Hacking linked to notorious hacking groups
Troia also insinuated that the hackers have links with other hacking groups such as GnosticPlayers, ShinyHunters, and TheDarkOverlord.
All of these are well-known hacking groups with prolific hacking records. They have stolen thousands of data records in hundreds of breaches, and NightLion had indexed some of the breaches in the stolen DataViper database.
Troia said these groups have a strong link with the NightLion hacking group, as some of their hacked records were also seen in NightLion’s alleged DataViper stolen files. According to Troia, the idea of the hackers was to stop him from exposing them.
Troia also documented some of the groups’ activities in a book published this spring. He pointed out that the motive of the hacker is probably to dent his image, as he was about to feature in a talk show on Wednesday at the SecureWorld cybersecurity conference. He had already informed the public that the talk show would expose the hackers and show their real-world identities.