Threat actors are offering for sale 550 million stolen user records

Threat actors are offering for sale tens of databases on a hacker forum that contains roughly 550 million stolen user records.

Security experts from Cyble reported that a threat actor is attempting to sell twenty-nine databases on a hacker forum since May 7. Forum members could also buy each database individually. The archives allegedly contain a total of 550 million stolen user records.

Data appears to come from past data breaches, the oldest one dates back as 2012 while the latest one dates April 2020.

Another seller with *private* DBs (no they are not 100% private), but still a massive sale!#cyber #cybersecurity @BleepinComputer #malware pic.twitter.com/CtnppIyhxn— Cyble (@AuCyble) May 14, 2020The data could be used by crooks to launch credentials stuffing attacks against individuals and organizations.

Hackers are also offering for sale a separate database containing 47.1 million phone numbers that are part of Dubsmash data breach that occurred in 2018.

Below the list of databases, published by Bleepingcomputer, that are available for sale:

CompanyAmountData Breach DateEvite.com101 millionMarch 2019Tokopedia.com91 millionApril 2020piZap.com60.9 millionApril 2018Netlog.com (Twoo.com)57 millionNovember 2012Dubsmash.com Phone numbers47.1 millionDecember 2018Shein.com42 millionJune 2018Fotolog.com33.5 millionDecember 2018CafePress.com23.6 millionFebruary 2019Wanelo.com Customers23.2 millionDecember 2018OMGPop.com21.4 millionAugust 2019SinglesNet.com16.3 millionSeptember 2012Bukalapak.com13 millionFebruary 2018Bookmate.com8 millionJuly 2018ReverbNation.com7.9 millionJanuary 2014Wego.com6.5 millionN/AEatStreet.com6.4 millionMay 2019PumpUp.com6.4 millionN/ACoffeeMeetsBagel.com6.2 millionMay 2018Storybird.com4 millionDecember 2018Minube.net3.2 millionMay 2019Sephora.com3.2 millionJanuary 2017CafeMom.com2.6 millionApril 2014Coubic.com2.6 millionMarch 2019Roadtrippers.com2.5 millionMay 2019DailyBooth.com1.6 millionApril 2014ClassPass.com1.6 millionOctober 2017ModaOperandi.com1.3 millionApril 2019Rencanamu.id (Youthmanual.com)1.1 millionJanuary 2019StreetEasy.com1 millionMay 2018Yanolja.com1 millionMarch 2019Users can verify if their credentials are part of one of the above breaches querying the the Cyble’s amibreached.com data breach lookup service.

Those who have their account exposed in one of the above incidents are recommended to change their password.

The post Threat actors are offering for sale 550 million stolen user records appeared first on Security Affairs.