With the number of data breaches going up, privacy on the internet is literally becoming a myth. In what can be termed as the latest among these privacy breaches, cybercriminals have reportedly put 617 million hacked accounts for sale on the dark web. It is worth noticing that this database was collected from 16 separate data breaches and it is now listed on the dark web market place Dream Market, where drugs, weapons and other illicit items are sold.
The report, which first surfaced on The Register, claims that the hacked websites include MyFitnessPal, MyHeritage and Animoto. While data breaches on these websites were known, there were others in the list like 500px, which had earlier not reported a breach.
While the data troves are listed individually on the website, they are all being sold by the same vendor called ‘gnosticplayers’. The seller reportedly joined the Dream Market on February 6 and as of now, has a five-star rating. But then, it is worth mentioning that this rating has been given to him by a single buyer.
Gnosticplayers’ profile states, “Feel free to message me here on Dream Market to tell me what kind of data you’re searching (crypto, gaming, or huge data sets”, and I will list it here for sale right after. Since I have a huge reserve of fresh data, I probably have what you need. If the data does not correspond to what the breach information specifies, do an escrow dispute. However, carefully read the listing of what you’ll receive because if you purchase it you agree to receive the specified data.”
Considering that a number of listings were from undisclosed data breaches, cybersecurity experts have issued a warning that states that the scale of the breach could be massive and it may lead to change in public sentiment towards security.
Security experts also said that people should be vigilant and should look out for their accounts being compromised even if they don’t use the websites or services that report about data breaches any longer.
Also, since a lot of people have a tendency of using the same credentials across various platforms, this means that if one of their accounts gets compromised, hackers get vital information for all.
You can check if your email address has been compromised on a website called Have I Been Pwned, which keeps a track of all major data breaches.