Another day another cyber-security hack attack. This time, it concerns multiple sites. It was recently revealed that nearly 750 million records from 24 hacked sites were put up for sale by an anonymous seller. However, the hacker didn’t stop at that and returned to inflict more damage.
The hacker started listing user data from countless renowned websites such as MyFitnessPal, Coffee Meets Bagel, Houzz, Roll20, among others. However, this past weekend, the hacker added another 8 sites to his collection (on dark web), containing around 91 million user records. In case you have lost the count, this totals the listing of user records from 30 companies, to about 841 million.
The point to note about the most recent listings is that it included sites such as OneBip, Legendas.tv, Storybird and Jobandtalent.com, these 4 sites combinedly faced 20 million accounts data theft. In addition to that, 1.5 million Classpass, 60 million Pizap (a photo editing tool), one million StreetEasy and 8 million Gfycat accounts were also among the ones subjected to this attack.
Moreover, the price of these eight recently hacked sites-login is 2.6 bitcoin, which amounts to over 9,620 US dollars.
The research team leader at IntSights, Ariel Ainhoren, revealed last week that the hacker was probably targeting every website using the same trick, and dumping the backend databases. The database we are talking about is, PostgreSQL. The concerned party at PostgreSQL denied to be aware of any vulnerabilities that could have been the reason behind the data breaches.
On being asked about these attacks, Gfycat and Pizap claimed to have been looking into the matter.
Users with accounts on affected websites and apps are advised to change their passwords, enable 2FA layer if possible and to not reuse the same password on multiple websites.
Read Next: A USB Cable Can Now Hack Your Data Easily
Photo: Supershabashnyi, iStock by Getty Images
The hacker started listing user data from countless renowned websites such as MyFitnessPal, Coffee Meets Bagel, Houzz, Roll20, among others. However, this past weekend, the hacker added another 8 sites to his collection (on dark web), containing around 91 million user records. In case you have lost the count, this totals the listing of user records from 30 companies, to about 841 million.
The point to note about the most recent listings is that it included sites such as OneBip, Legendas.tv, Storybird and Jobandtalent.com, these 4 sites combinedly faced 20 million accounts data theft. In addition to that, 1.5 million Classpass, 60 million Pizap (a photo editing tool), one million StreetEasy and 8 million Gfycat accounts were also among the ones subjected to this attack.
Moreover, the price of these eight recently hacked sites-login is 2.6 bitcoin, which amounts to over 9,620 US dollars.
Related: A New Trojan Uses Antivirus Software to Steal DataAlthough not much is known about the hacker as of now and no financial data seems to be among the stolen assets, TechCrunch’s report has revealed that the accounts include some patterns of emails and usernames, along with names, locations as well as account creation dates and passwords organized in various formats. Other account information is also included.
The research team leader at IntSights, Ariel Ainhoren, revealed last week that the hacker was probably targeting every website using the same trick, and dumping the backend databases. The database we are talking about is, PostgreSQL. The concerned party at PostgreSQL denied to be aware of any vulnerabilities that could have been the reason behind the data breaches.
On being asked about these attacks, Gfycat and Pizap claimed to have been looking into the matter.
Users with accounts on affected websites and apps are advised to change their passwords, enable 2FA layer if possible and to not reuse the same password on multiple websites.
Read Next: A USB Cable Can Now Hack Your Data Easily
Photo: Supershabashnyi, iStock by Getty Images
