In only seven days, a solitary merchant put near 750 million records from 24 hacked destinations available to be purchased. Presently, the programmer has struck once more.
The programmer, whose character isn’t known, started posting client information from a few noteworthy sites — including MyFitnessPal, 500px and Coffee Meets Bagel, and all the more as of late Houzz and Roll20 — prior this week. This weekend, the programmer included a third round of information ruptures — another eight destinations, adding up to another 91 million client records — to their dull web commercial center.
To date, the programmer has uncovered ruptures at 30 organizations, totaling around 841 million records.
As indicated by the most recent postings, the destinations incorporate 20 million records from Legendas.tv, OneBip, Storybird, and Jobandtalent, just as eight million records at Gfycat, 1.5 million ClassPass accounts, 60 million Pizap accounts, and another million StreetEasy property looking records.
The programmer is moving the eight extra hacked destinations for 2.6 bitcoin, or about $9,350.
From the examples that TechCrunch has seen, the records incorporate a few varieties of usernames and email addresses, names, areas by nation and district, account creation dates, passwords hashed in different configurations, and other record data.
We haven’t discovered any money related information in the examples.
Little is thought about the programmer, and it stays indistinct precisely how these destinations were hacked.
Ariel Ainhoren, inquire about group pioneer at Israeli security firm IntSights, disclosed to TechCrunch this week that the programmer was likely utilizing a similar endeavor to focus on every one of the locales and dump the backend databases.
“As a large portion of these locales were not known breaks, it appears we’re managing here with a programmer that did the hacks independent from anyone else, and not simply somebody who got it from elsewhere and now just exchanged it,” said Ainhoren. The product being referred to, PostgreSQL, an open-source database venture, said it was “as of now uninformed of any fixed or unpatched vulnerabilities” that could have caused the breaks.
We reached a few of the organizations before production. Gfycat reacted, saying it was investigating the rupture, and Pizap said it was “not mindful of any hack and will examine quickly.” We’ll refresh once it comes in.