The latest round of leaked data sold by a famous dark web netizen was noticed by The Hacker News, who already made three separate releases in different time intervals of leaked data for sale in a Dark web Marketplace.
While the dark web monitoring mode is consistent, with the large hidden services and contents lurking in this area the new round of release was done stealthily in nature in a Marketplace where Gnosticplayers released it. But before anyone could discover it, the hacker of the compromised database sent an email to The Hacker News. The sites that were hacked most likely had no idea that they were compromised.
List of the release
According to the seller himself that the latest release will be the last round. The following sites were the ones compromised which included the number of the affected accounts:
- Youthmanual — Indonesian college and career platform — 1.12 million accounts
- GameSalad — Online learning platform —1.5 million accounts
- Bukalapak — Online Shopping Site — 13 million accounts
- Lifebear — Japanese Online Notebook — 3.86 million accounts
- EstanteVirtual — Online Bookstore — 5.45 Million accounts
- Coubic — Appointment Scheduling — 1.5 million accounts
How much does this cost?
They are sold individually in Dream Market, however if all of these are totaled it will be roughly around 5000 USD, or an estimated 1.2431 Bitcoin(might change due to fluctuation).
Most likely it is legitimate, we have the right to doubt on wares within the darknet. However, due to the fact that the last three rounds of release had the involved companies admitting that their database was indeed vulnerable leading to it getting compromised. Increasing the likeliness of this latest round to be also legitimate.
When you discover a breach what should you do?
In the world of ethical hacking, you should hold your horses! No matter how good your intention is you can still get jailed, depending on the company who you face off with. Consider the laws of the country, and the company’s terms and conditions.
It is best to legally participate in their bug-hunting program before exposing the vulnerabilities of one’s software. Also always practice signing a waiver that will assure you will not land in jail.