617 million stolen accounts from 16 websites are now up for sale - are you at risk?

It's been a rough start for cybersecurity in 2019 as hackers have been busy peddling their wares to usher in the new year. In January, we reported on Collection #1, a cache of data that affects nearly three-quarters of a billion email accounts and more than 20 million passwords from around 2,000 leaked databases.

Two weeks later, the existence of four other caches of data, named Collections #2 to #5, was revealed, exposing another 2.2 billion unique usernames and passwords.

And it looks like the hits will just keep on coming. It appears that another massive treasure trove of account details is up for grabs on the dark web. Is your data at risk?

Another set of stolen user credentials is up for grabs

This week, around 617 million account details stolen from 16 compromised websites are now on sale on the dark web. The seller's asking price for the stolen data? Less than $20,000 in Bitcoin.

The Register revealed that the databases were spotted on an underground trading site called The Dream Market, and samples tested from the collection appear to be legitimate. The cache of data includes account holder names, email addresses and passwords. The passwords, however, are either hashed or one-way encrypted so they have to be cracked before they can be used.

Other forms of information were also exposed, depending on the site and service, including location, personal details and social media authentication tokens. Thankfully, it looks like there are no payment and banking details in the sales listings.

Why is this data so valuable?

These big databases of stolen details are valuable for a reason. The information can be used by hackers for a technique called "credential stuffing." This is when someone feeds the credentials to an automated program that tries them all out on various websites, hoping that people have reused their passwords on multiple services.

For example, a determined hacker can crack the weaker encrypted passwords on the list, then try the email and password combinations on more critical services like Google, Facebook or banking sites.

List of compromised sites

The sites included in the list are a mishmash of messaging apps, fitness and photography social networking sites, gaming portals and even a DNA family-tree tracing service.

Some of the services, like MyHeritage and MyFitnessPal, publicly disclosed their data breaches last year, but this is the first time we've heard about the others.

Do you have an account with these services? Here's a list of the compromised sites:

  • Dubsmash (162 million accounts)
  • MyFitnessPal (151 million accounts)
  • MyHeritage (92 million accounts)
  • ShareThis (41 million accounts)
  • HauteLook (28 million accounts)
  • Animoto (25 million accounts)
  • EyeEm (22 million accounts)
  • 8fit (20 million accounts)
  • Whitepages (18 million accounts)
  • Fotolog (16 million accounts)
  • 500px (15 million accounts)
  • Armor Games (11 million accounts)
  • BookMate (8 million accounts)
  • CoffeeMeetsBagel (6 million accounts)
  • Artsy (1 million accounts)
  • DataCamp (700,000 accounts)

What now?

If you suspect that your accounts are part of older data leaks, it's a good time to review all your online credentials. This is also a good reason never to reuse the same password across multiple online services and websites.

You can also check your email on a service like Have I Been Pwned, which will tell you if your email address has been part of a data breach. Note: Google has released its own Chrome password checker tool.

Additionally, if you haven't done so yet, check whether your services support two-factor authentication (2FA) and enable it. 2FA gives you an extra layer of security that will help keep your accounts safe.

And while you're at it, close old accounts that you rarely use.

Source: The Register