Security experts from Cyble reported that a threat actor is attempting to sell twenty-nine databases on a hacker forum since May 7. Forum members could also buy each database individually. The archives allegedly contain a total of 550 million stolen user records.
Data appears to come from past data breaches, the oldest one dates back as 2012 while the latest one dates April 2020.
The data could be used by crooks to launch credentials stuffing attacks against individuals and organizations.
Hackers are also offering for sale a separate database containing 47.1 million phone numbers that are part of Dubsmash data breach that occurred in 2018.
Below the list of databases, published by Bleepingcomputer, that are available for sale:
|Company||Amount||Data Breach Date|
|Evite.com||101 million||March 2019|
|Tokopedia.com||91 million||April 2020|
|piZap.com||60.9 million||April 2018|
|Netlog.com (Twoo.com)||57 million||November 2012|
|Dubsmash.com Phone numbers||47.1 million||December 2018|
|Shein.com||42 million||June 2018|
|Fotolog.com||33.5 million||December 2018|
|CafePress.com||23.6 million||February 2019|
|Wanelo.com Customers||23.2 million||December 2018|
|OMGPop.com||21.4 million||August 2019|
|SinglesNet.com||16.3 million||September 2012|
|Bukalapak.com||13 million||February 2018|
|Bookmate.com||8 million||July 2018|
|ReverbNation.com||7.9 million||January 2014|
|EatStreet.com||6.4 million||May 2019|
|CoffeeMeetsBagel.com||6.2 million||May 2018|
|Storybird.com||4 million||December 2018|
|Minube.net||3.2 million||May 2019|
|Sephora.com||3.2 million||January 2017|
|CafeMom.com||2.6 million||April 2014|
|Coubic.com||2.6 million||March 2019|
|Roadtrippers.com||2.5 million||May 2019|
|DailyBooth.com||1.6 million||April 2014|
|ClassPass.com||1.6 million||October 2017|
|ModaOperandi.com||1.3 million||April 2019|
|Rencanamu.id (Youthmanual.com)||1.1 million||January 2019|
|StreetEasy.com||1 million||May 2018|
|Yanolja.com||1 million||March 2019|
Users can verify if their credentials are part of one of the above breaches querying the the Cyble’s amibreached.com data breach lookup service.
Those who have their account exposed in one of the above incidents are recommended to change their password.
(SecurityAffairs – threat actors, hacking)