A threat actor is selling databases stolen from 14 companies

June 30, 2020  By Pierluigi Paganini


A threat actor is selling databases containing data belonging to 14 different companies he claimed were hacked in 2020.

A threat actor is selling databases that contain user records for 14 different organizations he claimed were hacked in 2020, only for four of them (HomeChefMintedTokopedia, and Zoosk) were previously reported data breaches.

The list of companies allegedly hacked include food delivery services, soccer streaming services, fashion and game sites, and loans.

The databases contain a total of 132,957,579 user records.

The databases are available for sale on multiple hacker forums, the all includes usernames and hashed passwords.

According to BleepingComputer, the prices for the databases can be as low as $100, while some databases available for sale go for $1,100.

“From samples of user records seen by BleepingComputer, the data breaches look legitimate, but they have not been confirmed directly by the companies.” reported BleepingComputer.

Below the list of database offered for sale by the threat actor.

Company# of recordsAlleged Breach Date
DarkThrone282,825June 2020
Efun2.2 million2020
Fluke353,321June 2020
Footters209,783June 2020
HomeChef8 million2020
JamesDelivery1.6 millionMarch 2020
KitchHike115,480June 2020
KreditPlus896,170June 2020
Minted4.3 millionMay 2020
Playwings4.1 millionApril 2020
Revelo1.1 millionJune 2020
Tokopedia91 millionApril 2020
Yotepresto1.4 millionJune 2020
Zoosk29.1 millionJanuary 2020

Users of the above websites are recommended to change their passwords on the breached site and on any other site where they used the same credentials.

The availability of this data online poses a serious risk to the users that could be targeted with credential stuffing attacks.

The same threat actor is also selling databases from older breaches including EpicGames, Star Tribune, ZyngaPoker, and Wirecard.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, data breaches)

[adrotate banner=”5″]

[adrotate banner=”13″]



Pierluigi Paganini
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.





You might also like





  • Digging the Deep Web: Exploring the dark side of the web

    Digging The Deep Web

  • Center for Cyber Security and International Relations Studies

  • Subscribe Security Affairs Newsletter

    newsletter

  • SecurityAffairs awarded as Best European Cybersecurity Tech Blog at European Cybersecurity Blogger Awards

    EU Sec Bloggers Awards 22


More Story

UCSF paid a $1.14 Million ransom to decrypt files after Ransomware attack

 The University of California San Francisco (UCSF) revealed that it paid roughly $1.14 million to cybercriminals to recover...