Millions Of Compromised Accounts Discovered On The Dark Web

The Dark Web is a strange place where one can conduct all sorts of illegal activities including selling illegal drugs, weapons, social security numbers, documents and stolen data. 

Recently, the social engineering experts at breach notification website Hacked-DB discovered a massive trove of data containing login credentials of millions of users on the dark web.

In total, Hacked-DB say they have discovered 3,000 databases containing 200 million unique user accounts including containing email addresses, potential personally identifiable information, potential financial accounts, unique IP addresses, unique account identifiers and other highly sensitive information linked to organizations and individuals all around the world.

The vast majority of these compromised databases were not detected prior to this leak and the overall size of the files leaked is 9GB. The leak includes databases from 2011 to today in 2018, and the information includes personal accounts with clear text or hashed passwords that can easily be reversed to the password itself. Hacked-DB Chief Operation Officer Mr. Yogev Mizrahi told HackRead that: “This leak is extremely interesting from a hacker’s point of view since it can potentially give adversaries a fairly large ground of identities to work with when it comes to identifying theft and such”.

Hacked-DB CEO Mr. Chen Heffer said that “These leaks go mostly under the radar since they are not published to the public anywhere and by no one. Our team of white hat hackers in Hacked-DB work 24/7 in looking for this type of information in the dark web to bring the value-add to our clients and help organisations protect their IP and identities”.

What might be worrisome is the fact that the data is available for anyone to download on a file-sharing website and it is only a matter of time before malicious actors get their hands on it.

Previously, owner of HaveIbeenPwned Troy Hunt discovered Anti Public Combo List and Exploit.in dumps with billions of user accounts and just a few days after, both lists were available for download on the Dark Web and hacking forums.

Moreover, In December last year, 4iQ researchers also discovered a 41GB data file containing 1.4 billion billion login credentials including emails and passwords in clear-text format. 

The recent finding from Hacked-DB shows there is a ton of data on the Dark Web which poses a massive threat to the user as well as the targeted firms since either none of them have any idea about the breach or the companies are hiding it from users.

HackRead

You Might Also Read: 

What Is the Dark Web? Can You Access It?:

Is Your Data Being Sold On The Dark Web?:


 

« Eight Reasons Why Facebook Has Peaked
Foreign Interference In US Elections 'Will be repeated' »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

E-Tech

E-Tech

E-Tech has been providing system support and information technology consulting services including Internet and Network Security assessments.

RedTeam Security

RedTeam Security

RedTeam Security is a provider of Penetration Testing, Social Engineering, Red Teaming and Red Team Training services.

edgescan

edgescan

edgescan is a cloud-based continuous vulnerability management and penetration testing solution.

VU Security

VU Security

VU is a specialist in Cybersecurity software development with a focus on the prevention of fraud and identity theft.

Department of Justice - Office of Cybercrime (DOJ-OOC)

Department of Justice - Office of Cybercrime (DOJ-OOC)

The Office of Cybercrime within the Philippines Department of Justice is the Central Authority in all matters relating to international mutual assistance and extradition for cybercrime.

Riddle&Code

Riddle&Code

Riddle&Code is a product-led services company specializing in onboarding industries to Web3. The team's mission is to provide a trusted connection between the digital and physical worlds.

Yellow Brand Protection

Yellow Brand Protection

Yellow Brand Protection operates 24/7 to protect brands' Intellectual Property (IP) from infringements on all kinds of online distribution channels.

PurpleSynapz

PurpleSynapz

PurpleSynapz provides hyper-realistic Cyber Security Training with a modern curriculum and Cyber Range.

Q-Net Security

Q-Net Security

Protect your critical networks. Q-Net Security make hardware that provides the strongest drop-in security for your existing critical infrastructure.

BullWall

BullWall

BullWall is a digital innovator dedicated to fight cybercrime in its many forms. Our overarching purpose is to stop new and unknown strings of ransomware attacks in its tracks.

SAM Seamless Network

SAM Seamless Network

SAM Seamless Network is a cybersecurity technology platform that protects the connected home, by tackling cyber security threats at the source.

Nexon Asia Pacific

Nexon Asia Pacific

Nexon solutions include cloud infrastructure and services, unified communications, managed security services, business continuity, secured high-performance network and business applications.

ANY.RUN

ANY.RUN

ANY.RUN is an interactive online malware analysis service created for dynamic as well as static research of multiple types of cyber threats.

Barclay Simpson

Barclay Simpson

Barclay Simpson is proud to have a long history of delivering cyber security, technology and governance recruitment services.

Zluri

Zluri

Zluri is a cloud-native SaaSOps platform enabling modern enterprises with SaaS Management and Identity Governance.

Kontra

Kontra

Kontra application security training is an interactive and intuitive learning experience that engages developers.