A data breach broker is selling databases that contain user records for 14 different companies which were breached by hackers this year.
When a company is breached, the hackers usually download all the accessible databases, including account records. These databases are then either sold directly to other threat actors, or use the help of data breach brokers to sell them on their behalf.
A well-known data breach broker was found to be selling several databases on hacker forums over the last month that includes records acquired in data breaches conducted in 2020.
This broker currently sells database belonging to fourteen companies that include game sites, food delivery services, Soccer streaming, online fashion, and loans.
Each of the fourteen databases being sold contains different information, but they all include usernames and hashed passwords.
The data breach broker stated that the prices for these databases can be as low as $100, while others that he is selling are $1,100.
The companies who were allegedly breached and whose databases are being sold are DarkThrone, Efun, Fluke, Footters, HomeChef, JamesDelivery, KitchHike, KreditPlus, Minted, Playwings, Revelo, Tokopedia, Yotepresto, Zoosk.
Out of the databases, only four of the companies were known to be breached in the past which includes HomeChef, Minted, Tokopedia, and Zoosk.
Even though the data breaches look legitimate, none of the companies have directly confirmed it.
The databases contain a combined total of 132,957,579 user records containing large amount of information that can be used in credential stuffing attacks at other sites.
Besides these 2020 breaches, the broker is also selling databases from older breaches including Star Tribune, EpicGames, ZyngaPoker, ReverbNation, Wirecard, ClickFunnels, and many more.
If you have an account created in any of the breached websites, it is highly recommended to change your password to a strong and unique one. Also avoid using the same passwords at different sites.