Cyber Crime

Hacker steals databases from breach monitoring site; sells them online

DataViper, a breach monitoring site is owned by cybersecurity researcher Vinny Troia who vows to expose real-life identities of prominent dark web hackers in the upcoming conference.

Many cybersecurity firms today host online data breach monitoring services which let users know if their data has been leaked somehow. They do so by collecting hacked databases from both across the dark web and surface web comprising of underground forums, Pastebin sites, and other possible avenues.

Then, when a user makes a query to check if they have been compromised, the user’s email address or username is searched through these databases to identify if any leaked records exist. One such service is DataViper which is run by Vinny Troia from a cybersecurity company named Night Lion Security.

In relation to this, today, a hacker ironically named Night Lion has leaked 8,225 databases from DataViper alleging that they maintained access to the company’s servers for 3 months while collecting the data.




A dark web domain was even sent to numerous researchers that contain details of the breach. Alongside, 482 JSON files which have samples of the data were also provided as proof of the incident.

Image: Hackread.com

To reap reward, the top 50 databases in terms of size were subsequently posted for sale on Empire, a dark web marketplace by the hacker as shown in the photo below:

Screenshot of some databases among 8000+ on sale – Image: Hackread.com




A twist in this entire mess though is that the hacker has claimed that Vinny Troia – the owner – sold the data, something which has been strongly rejected by the accused on Twitter associating the attacker with several hacking groups.

Moreover, he has clarified that most of the databases had already been out in the open with the hacker supposedly selling their own databases. This statement was reiterated by him to ZDNet on a phone call stating that one server had been penetrated by the attacker but it was of little use since it happened to be a test instance.




Talking about the incentives behind this leak announcement, he pinned the blame on an attempt to tarnish his reputation, especially when he’s due to give a talk on Wednesday at a security conference where he plans to reveal the real-world identities of some of these hacking groups.

To conclude, we will see in the coming days how this unfolds and who is on the right. For now, a precautionary measure may be to check if your information is safe through another data breach service. The reason is that even if only a few new databases may have been leaked, they can harm your security if your data was a part of it.

To Top

Pin It on Pinterest

Share This