Nearly 620 million stolen accounts for sale on dark web

(Image credit: Shutterstock) (Image credit: Shutterstock)

Hundreds of millions of stolen online accounts have been found for sale on the Dark Web.

As many as 617 million accounts from 16 popular websites were detected on the Dream Market website on the notorious Tor network.

For the equivalent of $20,000 in Bitcoin, hackers could get hold of information including account names, email addresses and passwords - although the latter appear to still be hashed, meaning they still require cracking to be able to be used.

Stolen accounts for sale

The haul was highlighted to The Register by the apparent seller, who provided the site with sample records from the collection.

Some of the worst hit sites were Dubsmash (162 million accounts) MyFitness Pal (151 million) and MyHeritage (92 million), with other victims including dating sites, ecommerce stores and gaming studios.

The database was put up for sale by a single hacker, who according to The Register, claimed the information was stolen during 2018. The hacker cracked security vulnerabilities within web apps to be able to deploy remote-code execution, allowing them to easily extract user account data.

The Register contacted MyHeritage to see if the sample information it was provided was real, as the site had suffered a data breach last year, with the genealogy site confirming the data was legitimate.

The hacker claimed to already have secure one buyer, with more potentially to come.

  • Keep your data private online with the best VPN of 2020
Mike Moore
Deputy Editor, TechRadar Pro

Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and fellow Future title ITProPortal, and when he's not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.