Hacker leaks database of dark web hosting provider

Leaked data contains email addresses, site admin passwords, and .onion domain private keys.

DH leaked

Image: ZDNet (provided)

A hacker has leaked online today the database of Daniel's Hosting (DH), the largest free web hosting provider for dark web services.

The leaked data was obtained after the hacker breached DH earlier this year, on March 10, 2020. At the time, DH owner Daniel Winzen told ZDNet the hacker breached his portal, stole its database, and then wiped all servers.

On March 26, two weeks after the breach, DH shut down its service for good, urging users to move their sites to new dark web hosting providers. Around 7,600 websites -- a third of all dark web portals -- went down following DH's shutdown.

Sensitive data leaked online

Today, a hacker going by the name of KingNull uploaded a copy of DH's stolen database on a file-hosting portal, and notified ZDNet, since we broke the news about the DH hack in March.

According to a cursory analysis of today's data dump, the leaked data includes 3,671 email addresses, 7,205 account passwords, and 8,580 private keys for .onion (dark web) domains.

dh-sample.png

Image: ZDNet

"The leaked database contains sensitive information on the owners and users of several thousand darknet domains," threat intelligence firm Under the Breach told ZDNet today after we asked the company to analyze the leak.

Under the Breach said the leaked data can be used to tie the owners of leaked email addresses to certain dark web portals.

"This information could substantially help law enforcement track the individuals running or taking part in illegal activities on these darknet sites," Under the Breach told ZDNet.

Furthermore, if the site owners moved their dark web portals to new hosting providers but continued to use the old password, hackers could also take over their new accounts -- if they crack the leaked DH hashed passwords.

However, while threat intelligence firms and law enforcement may comb the database in search of clues of users who hosted cybercrime-related sites, the leaked data may also put the owners of dissident and political sites at risk of having their identities exposed by oppressive regimes, which could have dire consequences if those users did not take necessary steps to protect their identities.

IP addresses, which could have helped law enforcement in some investigations, were not included in the dumped data.

Second time DH was hacked

The March 2020 hack was the second time that DH suffered a security breach. The site had been previously hacked in November 2018 when an intruder similarly breached the site's backend database server and deleted all sites. More than 6,500 were wiped at the time, but no data was ever leaked.

However, DH is not the only major dark web hosting provider to have been hacked. In 2017, the same Anonymous hacker collective took down Freedom Hosting II after they discovered that the hosting provider was sheltering child abuse portals.

KingNull, who also claimed to be part of the Anonymous hacker collective, did not return an email seeking additional comment.

Following the March 2020 hack, Winzen told ZDNet that he still plans to relaunch the service in several months, but only after several improvements, and that this was not a priority.