Round 4: Hacker returns and puts 26Mil user records for sale on the Dark Web

A hacker who has previously put up for sale over 840 million user records in the past month, has returned with a fourth round of hacked data that he’s selling on a dark web marketplace.

This time, the hacker has put up for sale the data of six companies, totaling 26.42 million user records, for which he’s asking 1.2431 bitcoin ($4,940).

The hacker’s name is Gnosticplayers, and since February 11 the hacker has put up for sale data for 32 companies in three rounds [stories on Round 1, Round 2, and Round 3] on Dream Market, a dark web marketplace.

Today, the hacker published a new batch of files from six new companies, namely game dev platform GameSalad, Brazilian book store Estante Virtual, online task manager and scheduling apps Coubic and LifeBear, Indonesia e-commerce giant Bukalapak, and Indonesian student career site YouthManual.

Company DB size Breach date Price Content
GameSalad (game dev platform) 1.5 Mil 2019/02 ฿0.0785 email, password (SHA1/SHA256), username, IP address
Estante Virtual (Brazilian book shop) 5.45 Mil 2019/02 ฿0.2618 name, username, password (SHA1), address, email, phone number
Coubic (scheduling software) 1.5 Mil 2019/02 ฿0.157 name, email, password (SHA256)
LifeBear (Japanese scheduling app) 3.86 Mil 2019/02 ฿0.2618 email, password (MD5), username, event details, app settings
Bukalapak (Indonesian e-commerce site) 13 Mil 2017/07 ฿0.34 username, name, email, password hash (SHA512+salt), shopping details, IP adress, other
YouthManual.com (Indonesian youth student and career site) 1.12 Mil 2019/02 ฿0.144 name,email, password hash (SHA1+salt), hobbies, education, other

Gnosticplayers Round 4 Image: ZDNet

ZDNet has reached out to the allegedly hacked companies with emails earlier today. It is worth mentioning that many of the companies whose data Gnosticplayers has sold in the previous three rounds have already confirmed breaches.

The difference between Round 4 and the previous three rounds is that five of the six databases Gnosticplayers put up for sale were acquired during hacks that have taken place last month, February 2019.

The hacker said that he put up the data for sale mainly because these companies had failed to protect passwords with strong encryption algorithms like bcrypt.

Most of the hashed passwords the hacker put up for sale today can cracked with various levels of difficulty –but they can be cracked.

“I got upset because I feel no one is learning,” the hacker told ZDNet in an online chat earlier today. “I just felt upset at this particular moment, because seeing this lack of security in 2019 is making me angry.”

In a conversation with ZDNet last month, the hacker told us he wanted to hack and put up for sale more than one billion records and then retire and disappear with the money.

But in a conversation today, the hacker says this is not his target anymore, as he learned that other hackers have already achieved the same goal before him.

Gnosticplayers also revealed that not all the data he obtained from hacked companies had been put up for sale. Some companies gave into extortion demands and paid fees so breaches would remain private.

“I came to an agreement with some companies, but the concerned startups won’t see their data for sale,” he said. ” I did it that’s why I can’t publish the rest of my databases or even name them.”

More data breach coverage:

READ MORE HERE