A collection of 127 million records were stolen from eight companies which was then put up for sale on the Dream Market marketplace by a seller named “gnosticplayers” and demands amount worth $14,500 in bitcoin for the whole batch.
It was just a week ago that the same seller has listed another collection of 620 million accounts which were stolen from 16 other breached companies. Those collections were priced at around $20,000 in bitcoin. It is still not clear whether it is gnosticplayers who had actually stolen the data or whether they are just a third party who had purchased the data from the hackers for selling it for a higher profit.
Dream Market is a dark web market that was started in November 2013 and it allocates anonymous access to illegal items and services such as drugs, malicious tools, weapons or even stolen user data promptly packaged for further exploitation.
This collection of hacked accounts includes data from the following companies:
- Ge.tt (file sharing service) – 1.83 million accounts
- Ixigo (travel and hotel booking) – 18 million accounts
- Roll20.net (gaming) – 4 million accounts
- Houzz (interior design) – 57 million accounts
- Coinmama (cryptocurrency exchange) – 420,000 accounts
- Younow (live streaming) – 40 million accounts
- StrongHoldKingdoms (gaming) – 5 million accounts
- Petflow (pet food delivery) – 1 million accounts
After the first collection were kept for sale, the seller gnosticplayers removed the collections of accounts from the market to prevent more customers from buying them and losing control of the “merchandise”. Similarly, the new collection of 127 million records were also removed after it had been put up for sale.
After deactivating the marketplace entries, the seller stated that all the listings have been removed, to avoid them being bought so many times and being leaked, as a respect for the buyers. The seller also assures that the next round of breaches would be arriving shortly. The total 24 collections that contains around 747 million stolen user credentials are no longer available for sale now.
Out of the 8 companies whose data were stolen and listed on the dark web market, only interior design site Houzz revealed about the data breaches.
A company YouNow, which was one among the companies stated that their security experts are examining the situation but they are not in a position to respond until they get more information.