Around 620 million online account details were stolen from 16 hacked websites and now it has been kept on sale on the dark web. The sale seems to be less than $20000 in Bitcoin and the stolen account details can be purchased from Dream market cyber souk located in the Tor network. The list of the 16 hacked websites obtained is as below :

  • Dubsmash(162 million)
  • MyFitnessPal (151 million)
  • MyHeritage (92 million)
  • ShareThis (41 million)
  • HauteLook (28 million)
  • Animoto (25 million)
  • EyeEm (22 million)
  • 8fit (20 million)
  • Whitepages (18 million)
  • Fotolog (16 million)
  • 500px (15 million)
  • Armor Games (11 million)
  • BookMate (8 million)
  • CoffeeMeetsBagel (6 million)
  • Artsy (1 million)
  • DataCamp (700,000).

Sample account records consists mainly of account holder names, email addresses and passwords. The passwords may be hashed or one way encrypted and must be cracked if needed to be used. Some of the other details hacked are location, personal details and social media authentication tokens. Information like payment or bank card details does not seem to be there on the list.

The sale is aimed at Spammers and credential stuffers, they will take usernames and passwords from one site to try and log into other websites which might be having the same credentials.

This also marks the first time this data, for all the listed sites has been peddled publicly if the claims are considered as true.