Account information for 600 million people stolen from all 16 sites will be on sale on the dark web

The Register reports that account information for 617 million people who were stolen from 16 services such as 500px and Dubsmash were sold at illegal buying and selling sites.

620 million accounts stolen from 16 hacked websites now for sale on dark web, seller boasts • The Register
https://www.theregister.co.uk/2019/02/11/620 _million_hacked_accounts_dark_web /

According to The Register, the account data of users of 16 sites is being sold on February 11, 2018 on the dark web called Dream Market on the Tor network. These data are traded using the virtual currency bit coin, and even if all the data are combined, the price can be purchased for $ 20,000 (about 2.2 million yen).

According to The Register, sample account information extracted from a database with a capacity of several gigabytes is made up of owner name, e-mail address, and password, and it is assumed that it is a real thing. Since the password is encrypted, decryption work is necessary, but there seems to be data including information such as personal information and authentication token of social media. And some users are using passwords with multiple services, so it is considered possible to decrypt the encryption against other leaked data.

The number of services and outflow data sold, prices, etc. are as follows.

◆ Dubsmash
· 164.549 million cases, 0.549 BTC (about 218,000 yen)
· 11 GB data acquired in December 2018 · Lewis Brisbois, a law firm acting as an agent of Dubsmash, responded "I started the investigation"

◆ 500px
· 0.248 BTC (about 863,000 yen) at 148.7 million 304 cases
· 500px officials answered "We sent notification to already hacked users and reset all passwords"

◆ EyeEm
· 0.2369 BTC (about 115,000 yen) at 223667 cases
· 1.7 GB data acquired in February 2018 · spokespersons refused answers

◆ 8fit
· 0.2025 BTC (about 80,000 yen) in 2018 667 cases
· Including Facebook authentication token, Facebook profile photo · Answer that "We are investigating but refrain from comments"

◆ Fotolog
· About 16 million cases, 0.52 BTC (about 20 thousand yen)
· 5.9 GB data acquired in December 2018 · spokespersons refused answers

◆ Animoto
· 0.318 BTC (approximately 126,000 yen) in 25,42,283 cases
· Data of 2.1 GB acquired in 2018 · Answer that "System abnormality was confirmed in August 2018. The customer is affected, notified"

◆ MyHeritage
· 924,847 thousand cases, 0.549 BTC (about 219,000 yen)
· I can not confirm the evidence that the e-mail address or password leaked at the present time was misused

◆ MyFitnessPal
· 0.269 BTC (approx. 115,000 yen) with 1506,330,338 accounts
· Spokeswoman refuses answer

◆ Artsy
· 0.0289 BTC (about 11,500 yen) in 1.07 million cases
· 184 MB data acquired in April 2018 · spokespersons refused answers

◆ Armor Games
· 0.2749 BTC (about 109,000 yen) in 110,13617 cases
· Spokeswoman refuses answer

◆ Bookmate
· 0.159 BTC (about 63 thousand yen) in 802,6992 cases
· Spokeswoman refuses answer

◆ Coffee Meets Bagel
· 0.13 BTC (about 50,000 yen) at 6,174,513
· "An abuse has not been confirmed at the present time but it is under investigation" Answer

◆ DataCamp
· 0.03 BTC (about 5200 yen) in 700 thousand cases
· 82 MB of data acquired in December 2018 · Answering that the access log is being investigated to pinpoint the possibility of unauthorized access

◆ HauteLook
· 0.2 million BTC (28,000 yen) for 28 million cases
· 1.5 GB data acquired in 2018 · spokespersons refused answers

◆ ShareThis
· 0.217 BTC (about 86,000 yen) at 410,28098 cases
· Spokeswoman refuses answer

◆ Whitepages
· 0.477 BTC (about 173,000 yen) at 17,777,679 cases
· Spokeswoman refuses answer