Hundreds of millions of stolen online accounts have been found for sale on the Dark Web (opens in new tab).
As many as 617 million accounts from 16 popular websites were detected on the Dream Market website on the notorious Tor network.
For the equivalent of $20,000 in Bitcoin, hackers could get hold of information including account names, email addresses and passwords - although the latter appear to still be hashed, meaning they still require cracking to be able to be used.
- Best antivirus of 2020
- Why risk-based security is the key to driving business value in 2020
- How AI can prevent a Marriott situation from happening again
Stolen accounts for sale
The haul was highlighted to The Register (opens in new tab) by the apparent seller, who provided the site with sample records from the collection.
Some of the worst hit sites were Dubsmash (162 million accounts) MyFitness Pal (151 million) and MyHeritage (92 million), with other victims including dating sites, ecommerce stores and gaming studios.
The database was put up for sale by a single hacker, who according to The Register, claimed the information was stolen during 2018. The hacker cracked security vulnerabilities within web apps to be able to deploy remote-code execution, allowing them to easily extract user account data.
The Register contacted MyHeritage to see if the sample information it was provided was real, as the site had suffered a data breach last year, with the genealogy site confirming the data was legitimate.
The hacker claimed to already have secure one buyer, with more potentially to come.
- Keep your data private online with the best VPN of 2020