User information stolen in 14 data breaches is being sold on the online black market, potentially putting more than 144 million users at risk.
According to Bleeping Computer, notorious data brokers are at the center of this operation; the 14 databases hold different types of information, but each contains usernames and hashed passwords.
The compromised databases originate from online food services, gaming websites, sports streaming services, financial services companies, clothing retailers, and various other businesses.
The affected companies and services include Dark Throne, Efun, Fluke, Footers, HomeChef, JamesDelivery, KitchHike, KreditPlus, Minted, Playwings, Revelo, Tokopedia, Yotepresto, and Zoosk, with the stolen data totaling over 144 million records.
According to the distributors of the stolen data, all of these breaches took place between January and June 2020. Bleeping Computer reports that of the 14 companies, only HomeChef, Minted, Tokopedia, and Zoosk have announced data breaches, but it stated that the data from the other companies appeared "legitimate."
Data brokers told Bleeping Computer that they sell the contents of each database for between $100 and $1,100. The largest database contains 91 million records for Indonesian e-commerce company Tokopedia, while the smallest database contains 115,000 records for Japanese food and travel site KitchHike.
The same data brokers also sell data stolen from previously compromised companies. These include Wirecard, ClickFunnels, Reverb Nation, ZyngaPoker, Star Tribune, and Epic Games.
According to a screenshot posted by Bleeping Computer, the passwords for the KitchHike accounts were protected by the very strong hashing algorithm Bcrypt. If so, the KitchHike passwords are probably secure, but there is no guarantee that passwords in the other databases are protected in the same way.
KitchHike data also included usernames, email addresses, real names, geographic locations, social media profiles, and phone numbers.
If you have an account with a compromised website or online service, change your account password immediately and make sure your new password is strong and unique. One of the best password managers will be of great help. You should also contact the affected company for advice.
If your information is indeed among the stolen data, you may want to consider the best identity theft protection services that can minimize the damage.