The dark web hacker “Gnosticplayers” has quickly made a reputation for his high-profile data breaches and selling user data on the infamous Dream marketplace. A couple of days ago the hacker was selling 126 million accounts stolen from new data breaches and now, the same hacker is back with another list of compromised websites which is another blow to victims.
How much?
This time, Gnosticplayers is selling a whopping 92 million user accounts stolen from 8 hacked websites. The data includes much more than emails and passwords and it is all available for buyers to get their hands on for Bitcoin depending on the worth of the compromised website.
Who are the victims this time?
Although the real victims of this data breach are those who trusted these websites with their data, here is a list of targeted websites:
- Legendas.tv
- JobandTalent
- Onebip
- Storybird
- StreetEasy
- Gfycat
- ClassPass
- piZap
Legendas.tv (3 million+ — BTC 0.349 ($1248)
Legendas.tv is a popular Brazilian entertainment website allowing users to download subtitles for movies and TV shows. The word Legendas means Subtitles in Brazilian Portuguese.
Legendas.tv is one of the eight sites that have been compromised by Gnosticplayers and its data is now available for sale on Dream Dark Web marketplace.
A look at sample data revealed that the database was dumped in October 2017 however the date of Legendas.tv’s data breach is unclear. The current price for this database is BTC 0.349 ($1248) and offers usernames, emails and clear text passwords of more than 3 million users.
JobandTalent (11 million+ — BTC 0.465 ($1664)
JobandTalent is a Spain-based job-matching marketplace that matches candidates to the right jobs and companies to the employees. Today, the company is the news because it suffered a massive data breach in which 650MB of data was stolen and dumped on the Internet in February 2018.
A look at sample data shows that the data is currently being sold for BTC 0.465 ($1664) and includes first name, surnames, email addresses, and their passwords hashed with Sha1 algorithm. The number of victims goes beyond 11 million.
Onebip (2 million — BTC 0.2617 ($936)
Onebip is Italy based payment solution for digital merchants and app developers, therefore, this breach is of high significance. According to Gnosticplayers’s listing Onebip suffered a data breach in which its data was leaked in October 2017.
The database is currently being sold for BTC 0.2617 ($936) and contains a treasure trove of data belonging to more than 2 million users including full names, job title, country code, State, city, physical address, zip code, company name, country name, fiscal code, bank name and address, name of bank account holder, account number, account’s swift code, IBAN, PayPal ids, registration date, last login and number of login attempts, etc.
What’s worse is that the database also contains emails and their clear text passwords which means buyers can simply log in to Onebip accounts unless the company allowed users to enable 2FA.
Storybird (4 million — BTC 0.2326 ($832)
Storybird is also a popular website allowing kids and adults to discover their talents in writing. However, the bad news is that Storybird is also in the list of compromised websites.
A look at sample data shows Storybird suffered a data breach in 2015 and the stolen data included email, password hash, and username, etc. In total, the number of targeted victims goes up to 4 million while the price of the database is BTC 0.2326 ($832).
StreetEasy (1 million — 0.1745 ($624)
StreetEasy is a highly popular New York City’s leading real estate marketplace and the company’s site is also among the list of compromised websites. A look at sample data revealed that StreetEasy’s data was dumped on the Internet in May 2018 which included username, email, password hash, and salt, etc.
The database which contains 1 million user accounts is currently being sold for BTC 1745 ($624).
Gfycat (8 million — BTC 0.349 ($1248)
Gfycat a popular user-generated short video hosting company also known as a pioneer of the video alternative to GIF revolution in 2013. However, Gfycat suffered a data breach in 2018 and now its data is being sold for BTC 0.349 ($1248).
The total number of stolen account is more than 8 million (1GB database) and includes username, email and password hashes.
ClassPass (1.5 million — BTC 0.2036 ($728)
ClassPass is a monthly fitness membership that allows you to access thousands of different classes at studios and gyms in any ClassPass city. However, ClassPass’ website was hacked in 2018 and now Gnosticplayers is selling 1.5 million ClassPass accounts for BTC 0.2036 ($728).
The sold data includes email, password hash, username, country, sex, and full name.
piZap (65 million — BTC 0.581 ($2080)
piZap is a popular online Photo Editor website which suffered a data breach in 2018 allowing hackers to steal a 4GB database containing a whopping 60 million user accounts.
The data is now being sold on the Dark Web marketplace for BTC 0.581 ($2080) and includes Facebook user ID, password hash and email address.
Why?
Previously, Gnosticplayers claimed that the sole purpose of these data breaches was to put Pakistan in the timeline and give a positive image of the country but now according to description on sample data the hacker is protesting the arrest of George Duke-Cohan, a teen who was arrested for DDoS attack on ProtonMail and making fake bomb threats.
Cohan was arrested by the United Kingdom’s National Crime Agency however he is also wanted by the US authorities over cyber attacks. Although Cohan was sentenced to 3 years in prison his prison term in the US was extended by 65 years.
“George Duke-Cohan is a young and talented boy, instead of giving him a chance, the UK govt sends him to prison for three years. Now, he’s been told by the American government, that he faces 65 years for the offense he was already sentenced to three years in the UK. It means he will be judged twice?,” Gnosticplayers wrote in their message.”
Gnosticplayers is also vowing to release more data “if Cohen is not given a fair justice.”
“May this upcoming release of dumps serve as a reminder: When countries claim to respect their citizens, they have duty protect them. I wouldn’t be surprised whether GeorgeDuke-Cohan ends his life, the UK gov already destroyed him and doing this is like sentencing him to death. If he is not given a fair justice during the upcoming days, weeks, years, more data will be released,” Gnosticplayers threatened.
List of previous data breaches carried out by Gnosticplayers
- Ge.tt
- ixigo
- Roll20
- Houzz
- Coinmama
- YouNow
- PetFlow
- Stronghold Kingdoms
In the above-mentioned list, Gnosticplayers was selling 126 accounts while in the below-mentioned list the total number of sold accounts was 620 million.
- Dubsmash — 162 million accounts
- MyFitnessPal — 151 million accounts
- MyHeritage — 92 million accounts
- ShareThis — 41 million accounts
- HauteLook — 28 million accounts
- Animoto — 25 million accounts
- EyeEm — 22 million accounts
- 8fit — 20 million accounts
- Whitepages — 18 million accounts
- Fotolog — 16 million accounts
- 500px — 15 million accounts
- Armor Games — 11 million accounts
- BookMate — 8 million accounts
- CoffeeMeetsBagel — 6 million accounts
- Artsy — 1 million accounts
- DataCamp — 700,000 accounts
For now, the only advice we can give is changing your email’s password, the password on the account on the breached sites and contacting your bank to inquire about any suspicious transaction that took place using your credit card data. Moreover, change the password for your social media accounts as well.
