A hacker who spoke with ZDNet in February about wanting to put up for sale the data of over one billion users is getting dangerously close to his goal after releasing another 65.5 million records last week and reaching a grand total of 932 million records overall.
The hacker’s name is Gnosticplayers, and he’s responsible for the hacks of 44 companies, including last week’s revelations.
Since mid-February, the hacker has been putting batches of hacked data on Dream Market, a dark web marketplace for selling illegal products, such as guns, drugs, and hacking tools.
He’s released data from companies like 500px, UnderArmor, ShareThis, GfyCat, and MyHeritage, just to name the bigger names. Releases have been grouped in four rounds —Round 1 (620 million user records), Round 2 (127 million user records), Round 3 (93 million user records), and Round 4 (26.5 million user records).
HACKER RELEASES ROUND 5
Last week, the hacker notified ZDNet about his latest release –Round 5– containing the data of 65.5 million users, which the hacker claims to have taken from six companies: gaming platform Mindjolt, digital mall Wanelo, e-invitations and RSVP platform Evite, South Korean travel company Yanolja, women’s fashion store Moda Operandi, and Apple repair center iCracked.
While ZDNet has reached out for comment to each of the named businesses, most of the hacker’s previous 38 victims have confirmed hacks, so this new batch of stolen data is also very likely to be authentic as well.
Company | DB size | Price | Content |
---|---|---|---|
Mindjolt (gaming platform) | 28 Mil | ฿0.1008 | email, full name, birth date, register date, gaming details, no password |
Wanelo (digital mall) | 23 Mil | ฿0.159 | email, username, password (3 million MD5 & the rest bcrypt) |
Evite (e-invitations platform) | 10 Mil | ฿0.2419 | full name, country, email, IP address, password (cleartext) |
Yanolja (South Korean hotel and travel) | 1.5 Mil | ฿0.1209 | email, password (MD5) |
Moda Operandi (women’s fashion store) | 1.5 Mil | ฿0.1129 | email, name, password (SHA1), user-agent, IP address, and more |
iCracked (Apple device repair center) | 1.5 Mil | ฿0.1108 | name, physical address, geo-location details, email, password, and more |
Dream Market admins decided last month to shut down their marketplace on April 30, and transition users to a competing site after being bombarded by nearly non-stop DDoS attacks and ransom demands.
In an email to ZDNet, the hacker said he decided to put this data up for sale (for 0.8463 Bitcoin/~$4,350), regardless of the market’s impending closure.
THE QUEST FOR ONE BILLION
But while many will believe the hacker is putting all this data on sale for selfish, and obvious monetary reasons, there is more to Gnosticplayers’ actions than most people are aware.
In an interview with ZDNet after the release of Round 3 in February, the hacker was very candid about the reasons behind his sudden appearance in the public’s eye.
Hackers like Gnosticplayers are part of small underground communities of hackers and data hoarders. They hack companies, steal their data, and then sell it to vetted partners.
This data is filtered and organized in various categories. Stolen email addresses are sold to spam botnets. Financial details are sold to groups specialized in online fraud or tax scams. Usernames and cracked passwords are sold to botnet operators specialized in credentials stuffing attacks.
This is a lucrative business, and many of these hackers don’t have to sell their data on public marketplaces like Dream Market.
We say “public” because despite being hosted on the dark web, Dream Market is a very very public space, littered with law enforcement, journalists, and employees of many cyber-security firms.
Anyone selling data in such a public space is, without a doubt, looking for trouble and putting a bullseye on his back.
But according to Gnosticplayers, his foray into a public marketplace like Dream has two goals –besides the first and obvious one being money.