Hackers have put 620 million account details for sale on the Dark Web

Just a week after
hackers were found distributing 2.2 billion records on the internet another major data leak has been detected. In this latest breach, 617 million account details were stolen from 16 different websites and are now on sale on the dark web.

It was only last month that a major data dump called Collection #1 was spotted with more than a billion unique login credentials. Later, Collections #2 to #5 were reported a few weeks later with information on 2.2 billion records. A new revelation by The Register, suggests that 617 million account details will go on sale on the dark web from shortly.

The Register verified the sample account records from the database and it seems legitimate. The data consists of account holder’s names, email addresses, and passwords. The other information includes personal and location details of some users. The only relief is that the passwords are hashed, cybercriminals have to crack them before using them.

The Dark Web seller(s) are supposed to be operating outside of the US. A seller has even confirmed that a part of the database has already been purchased by one person. The seller claims that the hacking attempts were made by exploiting security vulnerabilities in web apps. Most of the records are one year old. The users who have changed their login credentials in the last one year, need not worry.

List of sites that were hacked

– Dubsmash: 162 million

– MyFitnessPal: 151 million

– MyHeritage: 92 million

– ShareThis: 41 million

– HauteLook: 28 million

– Animoto: 25 million

– EyeEm: 22 million

– 8fit: 20 million

– Whitepages: 18 million

– Fotolog: 16 million

– 500px: 15 million

– Armor Games: 11 million

– BookMate: 8 million

– CoffeeMeetsBagel: 6 million

– Artsy: 1 million

– DataCamp: 700,000

How to protect yourself?

The security of the data depends on the company that is handling it. If you are a registered user of any of the platforms listed above, your data could be comprised. The most important step that you must perform right now is to change the password. If you are using a weak password and a common one on all platforms, ensure that you change all of those as well. We recommend using two-factor authentication wherever possible.