Slashdot Mirror


Hacker Who Stole 620 Million Records Strikes Again, Stealing 127 Million More (techcrunch.com)

An anonymous reader quotes a report from TechCrunch: A hacker who stole close to 620 million user records from 16 websites has stolen another 127 million records from eight more websites, TechCrunch has learned. The hacker, who listed the previously disclosed data for about $20,000 in bitcoin on a dark web marketplace, stole the data last year from several major sites -- some that had already been disclosed, like more than 151 million records from MyFitnessPal and 25 million records from Animoto. But several other hacked sites on the marketplace listing didn't know or hadn't disclosed yet -- such as 500px and Coffee Meets Bagel. The Register, which first reported the story, said the data included names, email addresses and scrambled passwords, and in some cases other login and account data -- though no financial data was included. Now the same hacker has eight additional marketplace entries after their original listings were pulled offline, including:

- 18 million records from travel booking site Ixigo
- Live-video streaming site YouNow had 40 million records stolen
- Houzz, which recently disclosed a data breach, is listed with 57 million records stolen
- Ge.tt had 1.8 million accounts stolen
- 450,000 records from cryptocurrency site Coinmama
- Roll20, a gaming site, had 4 million records listed
- Stronghold Kingdoms, a multiplayer online game, had 5 million records listed
- 1 million records from pet care delivery service PetFlow

5 of 35 comments

  1. Why Don't These Hackers Make Money Legitimately? by dryriver · · Score: 2

    If you know enough scripting/IT to hack major websites without being caught, why not write a little software tool that does something legit, sell it on a website, and make a living with that? Why not make a powerful website security boosting tool instead of HACKING websites? Would that be worth far less than putting hapless people's credit card info and other details on the Dark Web? Unless of course these "hackers" are GOVERNMENT people. Perhaps Russian government people. Hacking Western companies not for itty-bitty money on the Dark Web, but simply to damage and inconvenience Westerners. Seriously, who is so good at hacking, and so poor at legit coding that they cannot make similar money writing something that has a legitimate use? Who are these "lone superhackers" who can go undetected by Western security agencies and just throw stuff on the Dark Web? I smell Putin in these supposed "lone hacks".

    --
    Why did the chicken cross the road? Because Elon Musk put an AI chip in its head.
  2. Re:Why Don't These Hackers Make Money Legitimately by Major_Disorder · · Score: 4, Funny

    Because they will produce an amazing tool. Then spend the rest of their lives supporting morons trying to use it. Prison would be better than that hell. :)

    --
    First law of people: People are generally stupid.
  3. Here we go again... by bogaboga · · Score: 2

    ...Perhaps Russian government people...I smell Putin in these supposed "lone hacks".

    I can only conclude that you listen to a lot of western propaganda; wherein everything you just can't wrap your head around means Russia.
    The USA's own NSA has a long history of planting code, and at times hacking enemies and allies.

  4. Re: Why Don't These Hackers Make Money Legitimatel by ahodgson · · Score: 2

    Gee, I don't know. Maybe it's the constant stream of hacking attempts literally everyone running anything attached to the Internet sees daily from Russia and China.

  5. Security is a mentality not skill by FeelGood314 · · Score: 2

    Making something secure means thinking about security on day one. What is it that I want to have secure and who wants to get it? It means keeping things simple. I can write 15 lines of code that are secure as long as they don't call any other functions. After that things start getting risky. Frameworks build on other frameworks, multiple databases, parsing any strings, it's all extra complexity. You really have to look at it and try and minimize what you want to keep secure. Make everything else fancy, make your email web page require 1.1GB in memory (looking at you, gmail), but let's keep the actual login tiny so one person can understand it.

    Seriously, think first and then remember simple and minimal is your friend in security.