A prolific hacker, known as “Gnosticplayers”, has put the details of 26 million users of six companies from across the globe up for sale. This is the fourth round of stolen data sales by the cyber criminal via a dark web marketplace in exchange for Bitcoin.
The cache of data varies depending on the company comprised. Most contain email addresses, usernames, password hashes, IP addresses, and various settings associated with the platform.
Gnosticplayers Wants Just 1.4231 Bitcoin for 26 Million Users’ Data
The companies impacted by this fourth round of data sales are video game development firm GameSalad; South American book shop, Estante Virtual; scheduling services Coubic and LifeBear; Bukalapak, a large Indonesian e-commerce platform; and YouthManual, a student career service also based in Indonesia.
The details are on sale at popular dark net marketplace Dream – one of many services that sprang up in the wake of the FBI seizure of Silk Road and ensuing Bitcoin auctions.
GameSalad users contributed 1.5 million of the more than 26 million impacted users. Gnosticplayers wants 0.0785 BTC for this cache of data, which includes passwords hashed using SHA1/SHA256.
Estante Virtual users made up a further 5.45 million. For these names, usernames, SHA1 passwords, addresses, emails, and phone numbers, the hacker demands 0.2618 BTC.
Coubic users account for 1.5 million of the total. This collection consists of names, emails, and passwords hashed using SHA256. It is priced at 0.157 Bitcoin.
The data of 3.86 million LifeBear users are also up for sale at 0.2618 BTC. This collection contains emails, passwords hashed using MD5, usernames, and other application data.
Accounting for the largest share of stolen data is Bukalapak at 13 million users. A payment of 0.3407 Bitcoin is required in exchange for this collection of usernames, names, emails, passwords (SHA256+salt), IP addresses, and other application data.
Finally, the other 1.12 million individuals impacted by Gnosticplayers’s work are from YouthManual.com. For these names, emails, passwords (SHA256+salt), and other background information, the hacker wants 0.144 BTC.
According to a report in ZDNet, Gnosticplayers is selling the data because they feel that the security standards of these huge companies is grossly inadequate. The tech publication managed to reach the hacker via an instant messaging platform:
“I got upset because I feel no one is learning. I just felt upset at this particular moment, because seeing this lack of security in 2019 is making me angry.”
Gnosticplayers went on to state that they had many more details that they had not published. The hacker reportedly came to an agreement with some of the companies they had breached. For this reason, some of the details had to be held back.
As mentioned, this is not the first time Gnosticplayers has sold caches of stolen data on the dark web for BTC. This is the fourth such example in less than two months. The previous three rounds saw the sale of more than 700 million users’ data, obtained from services like live video streaming site, YouNow and Gif-sharing platform, Gfycat.