Account information for 642 million accounts, the largest amount in history, leaked and sold on the dark web; the sites were unaware of the leak


By Wendelin Jacober

It has come to light that account information for a total of 642 million accounts, leaked from social networks such as LinkedIn, Tumblr and MySpace and from the dating site "Fling", is being sold on the dark web, the so-called "dark internet".

Cluster of "megabreaches" compromises a whopping 642 million passwords | Ars Technica
http://arstechnica.com/security/2016/05/cluster-of-megabreaches-compromise-a-whopping-642-million-passwords/

This was reported by security researcher Troy Hunt in a blog entry on May 30, 2016. Mr. Hunt also operates "Have I been pwned? (HIBP)", a site where you can search by your own email address or ID name to see whether it has been hacked and appears in a list of past leaks, and he noticed an interesting phenomenon while adding information to the site's database.

The phenomenon is that the leaked data uploaded around the end of May 2016 shares some common points in its details. At the end of April 2016, the account information of 164 million LinkedIn accounts that leaked in 2012 was added to the database, and at the end of May of the same year the account information of more than 40 million accounts of the dating site Fling that leaked in 2011 and of 65 million Tumblr accounts that leaked in 2013 was uploaded to the HIBP database. In each case several years had passed since the actual leak, and none of the sites is said to have been aware of it.

In addition, password information leaked from MySpace has also been put up for sale for only 2,800 dollars (about 310,000 yen).

It is also clear that this information is actually being sold on the "dark web", which is accessed using "Tor", a tool that anonymizes the access route to the Internet. The seller is an account named "peace_of_mind", which offers the account information of 166 million LinkedIn accounts at a price of 2 bitcoins (0.000000012 BTC per account).


For Fling, with 40 million accounts, the price is 0.5828 bitcoin (0.000000015 BTC per account).


For Tumblr, with 50 million accounts, it is 0.4255 bitcoin (0.000000009 BTC per account).


The 360 million MySpace accounts appear to be trading for 6 bitcoins (0.000000017 BTC per account).


The ratings given to "peace_of_mind" are also noteworthy. 24 people rated the seller "Positive", 2 people "Neutral (middle)", and nobody "Negative", so actual buyers appear to be generally satisfied with the contents.


Why is data being sold several years after it leaked, and why are there buyers who are actually satisfied with its contents? This latest series of account leaks is wrapped in many mysteries, but it suggests that the possibility cannot be denied that data leaking at this very moment will be put up for sale a few years from now. The risk can be reduced by managing passwords on a regular basis and, where possible, by using security measures such as 2-step verification, but it seems one should always remain aware that risks of this kind exist on the Internet.

in Security, Posted by darkhorse_log