Hackers Selling a Total of 34 Million User Records Stolen

The threater sells account databases with a total of 34 million user accounts, which he claims were stolen by seventeen companies during the leak.

It was first published on the 28th. October announced by a broker who created a new topic on a forum of hackers who wanted to sell databases of stolen users to seventeen companies.

Sale of exclusive private databases. These databases are recent and have never been sold before. Limited sales

This formula has already become popular and one wonders what information will be included in this sale.

Who is responsible for the data breach?

The seller has made it clear that he is not responsible for hacking seventeen companies and that he only acts as a database broker.

In addition, according to the vendor, the account databases are the result of data leakage in 2020, but as of this week, none of the companies involved has released more information about security breaches.

Enterprises and data suspected of non-compliance by 2020

It is important to note that all seventeen databases sold in 2020 have been received and data such as telephone numbers, credit card details, e-mails, SHA256/512, md5crypt and bcrypt passwords, etc. are made public.

According to the vendor, the following information will be disclosed for each violation:

  • Redmart.lazada.sg: E-mail, SHA1 encrypted passwords, mailing and billing addresses, full name, phone numbers, some credit card numbers and expiration dates
  • Everything5pounds.com: email, hashed passwords, name, gender, phone number
  • Geekie.com.br: email, bcrypt-sha256/sha512 hash passwords, usernames, names, DoB, gender, mobile phone number, Brazilian CPF numbers
  • Cermati.com: – e-mail, crypt password, name, address, telephone, income, bank, taxpayer number, identification number, gender, profession, company, mother’s maiden name
  • Clip.mx: e-mail, phone
  • Catapult.com : E-mail, Password pbkdf2-sha256/unknown, Name
  • Eatigo.com : E-mail, md5 password, name, phone, gender, Facebook ID and token
  • Wongnai.com : email, md5 password, ip, facebook & twitter ID, name, date of birth, phone, zip
  • Toddycafe.com : E-mail, unknown password, name, phone number, address.
  • Jeu24h.vn: email, md5 password, username, date of birth, last name
  • Wedmegood.com: E-mail, Sha512 password, phone, Facebook login.
  • W3layouts.com: – email, password bcrypt, ip, country, city, state, telephone, title
  • Apps-builder.com: email, md5crypt password, ip, name, country
  • Invideo: E-mail, password encryption, name, phone.
  • Coupontools.com : E-mail, password encryption, name, telephone, gender, date of birth
  • Athletico.com.br: e-mail, md5 password, name, cpf, date of birth
  • Fantasycruncher.com : e-mail, password bcrypt/sha1, username, ip

Safer safety measures

If you are a user of one of these websites, it is advisable to change your password and change the password of all other websites when you are likely to use the same password everywhere.

You can follow us on Linkedin, Twitter, Facebook to get daily news about cybersecurity and hackers.

Also read

VOIP unveils 350 million customer records Service Provider

Platform for the supply of pirated food – More than 400,000 customers were exposed.

Related Tags: