A hacker going by the name of “Gnosticplayers” is selling the personal data of 26 million people who have been using the services of six different companies from across the world. The information is up for sale on the dark web for a value of up to 1.4231 bitcoin, or around $4,940. This marks the fourth time the hacker is selling people’s personal information.
According to ZDNet, the companies impacted by this hack include GameSalad, Estante Virtual, Coubic, LifeBear, Bukalapak, and Youthmanual. While most of these companies are not based in the United States. a noteworthy name on the list is GameSalad, a game-development platform that powers 75 games that reached the top 100 in Apple’s App Store.
For the majority of these companies or services, the hacker has published batch files containing emails, passwords, user names, IP addresses, and app settings. However, not all the data is up for sale, as several of these companies have paid the hacker to keep some of the information from being exposed. The passwords in the hack are also hashed as a string of characters but can still be uncovered.
The hacker is apparently selling this data because he believes these companies are not properly protecting the information of its users with the adequate encryption. “I got upset because I feel no one is learning, I just felt upset at this particular moment, because seeing this lack of security in 2019 is making me angry,” the hacker told ZDNet.
In his first round of attacks in February 2019, hacker Gnosticplayers put up for sale the information of 617 million online accounts from 16 hacked websites. That was then followed up a secondary hack which impacted eight additional websites, including travel-booking site Ixigo and live-video streaming site YouNow. The third hack affected up to 93 million users and websites including the popular Gif-sharing platform Gfycat and the online photo editor Pizap.
These types of hacks and data breaches are an increasingly common aspect of digital and online life. The best practices when using online services include avoiding using the same passwords. Instead, it is best to use alphanumeric characters in passwords, and leverage two-factor authentication to protect your accounts. We have a guide on how to create a safe password.