Hacker puts up for sale third round of hacked databases on the Dark Web

Hacker is selling 93 million user records from eight companies, including GfyCat.
Written by Catalin Cimpanu, Contributor

A hacker going by the name of Gnosticplayers has put up for sale another set of hacked databases on a Dark Web marketplace.

This is the third round of hacked databases the hacker has published on the Dark Web marketplace known as Dream Market. He previously posted a batch of 16 databases containing the data of 620 million users and a second batch of eight databases with the data of 127 million users.

Today, the hacker published eight more hacked DBs containing data for 92.76 million users. The biggest name in today's batch is GfyCat, the famous GIF hosting and sharing platform. The hacker is selling each database individually on Dream Market. Together, all eight are worth 2.6249 bitcoin, which amounts to roughly $9,400.

In an interview with ZDNet on Friday, Gnosticplayers took credit for the hacks and denied being just an intermediary.

The hacker says he intends to sell over one billion user records and then disappear with the money. His current total stands at roughly 840 million records.

"My two main goals are: -money -downfall of American pigs," he told us.

New leaks are coming, including one from a cryptocurrency exchange, the hacker told ZDNet.

The eight companies whose data Gnosticplayers put up for sale today are listed below:

DB sizeBreach datePriceContent
Legendas.tv (movie sharing service)
3.86 Mil
username, password (cleartext), email, IP address
Jobandtalent (job portal)
11 Mil
id, email, SHA1 encrypted password, password salt, first name, surname, current IP address
Onebip (mobile payment platform)
2.6 Mil
user ID, name, email, password (cleartext), address, company info, phone number, PayPal info, banking info, login logs, API key, and other
StoryBird (storytelling service)
4 Mil
email, password (SHA256), username, other
StreetEasy (real estate)
1 Mil
username, email, password hash (SHA1) and salt, other
GfyCat (GIF image hosting)
8 Mil
username, password hash (SHA512), email, other
ClassPass (fitness service)
1.5 Mil
email, password hash (SHA1), username, country, sex, full name
Pizap (online photo editor)
60.8 Mil
Facebook user ID, password hash (SHA1 / not for all), email address, other
Gnosticplayers round 3
Image: ZDNet

None of the eight companies listed in Gnosticplayers' ad had previously disclosed a data breach. ZDNet has sent requests for comment to the eight companies. We will update the article with any information we get back. However, many of the companies whose data the hacker has put up for sale in the past week have already admitted to suffering security breaches, making very likely that the data he's selling today is also legitimate.

In addition, each listing was also accompanied with the following message:

George Duke-Cohan is a young and talented boy, instead of giving him a chance, the UK govt sends him to prison for three years.
Now, he's been told by the American government, that he faces 65 years for the offense he was already sentenced to three years in the UK. It means he will be judged twice ??
May this upcoming release of dumps serve as a reminder:
When countries claim to respect their citizens, they have duty protect them. I wouldn't be surprised whether George Duke-Cohan ends his life, the UK gov already destroyed him and doing this is like sentencing him to death.
If he is not given a fair justice during the upcoming days, weeks, years, more data will be released....

George Duke-Cohan is a UK national who is part og the Apophis Squad hacking crew. He was arrested last summer and sentenced to three years in prison last December.

UPDATE: GfyCat told ZDNet that they have started an investigation into the hacker's claims.

"We can also confirm that any account databases are strongly encrypted and salted, so no plain text passwords would be in any compromised data," a spokesperson told us via email today.

A ClassPass spokesperson also told us they've launched an investigation. OneBip also started an investigation, and provided the following statement.

"Please rest assured that between 10/2017 and today there have been several improvements made on the security side independently from this claimed data breach. We have already informed our customers about this, and precautionary measures have already been initiated," OneBip said.

Data leaks: The most common sources

More data breach coverage:

Editorial standards