Hacker Steals 34 Million User Records from 17 Companies, Puts for Sale on Hacker Forum!

November 12, 2020

Data breaches continue to dominate headlines across the world. Despite the growing emphasis on data security, cybercriminals continue to find more advanced ways to breach security defenses and access critical enterprise data.

Recently, a malicious actor has stolen account databases containing an aggregate total of 34 million user records from seventeen companies.

Lately, on October 28, a data breach broker put the stolen user databases of the 17 companies on ‘Hacker Forum’ for sale. The caption read as “Selling exclusive private databases. These databases are fresh and have never been sold before. Limited sales.”

In conversation with BleepingComputer, the seller said they were acting as a broker for the databases and were not responsible for hacking into the seventeen companies.

When asked how the threat actor has gained access to the databases, the seller replied, “Not sure if he wants to disclose.”

The stolen databases for private sale on Hacker Forum will be typically sold at prices ranging from USD 500 to USD 100,000. After some time, the sellers will release the stolen databases for free in the forum to improve the hacker’s ‘street cred.’

List of Companies Experienced the Breach:

As per the details provided by the data breach broker, all of the databases being stolen from the seventeen companies were obtained in 2020.

Geekie.com.br experienced the largest breach, allowing the hacker to steal 8.1 million records. Singapore’s RedMart (1.1 million records) is the most popular company among the 17 affected companies.

The seller revealed that they are selling the RedMart database for USD 1,500.

However, only RedMart, Geekie, and Athletico, among all the 17 companies, have disclosed the data breach, while Wongnai.com informed BleepingComputer that they are investigating the breach.

“Thanks for your inquiry, we were aware of this incident, and our tech team has been investigating this matter,” Wongnai emailed BleepingComputer.

Company	Records Exposed	User Information Exposed
Geekie.com.br	8.1 million	Emails, usernames, names, DoB, gender, mobile numbers, Brazilian CPF numbers, hashed passwords,
Clip.mx	4.7 million	Email, phone number
Wongnai.com	4.3 million	Email, password md5, IP, Facebook and Twitter ID, names, birthdate, phone, zip
Cermati.com	2.9 million	Emails, Bcrypt password, name, address, phone, revenue, bank, tax and ID number, gender, job, company, mother’s maiden name
Everything5pounds.com	2.9 million	Emails, name, gender, phone number, hashed passwords
Eatigo.com	2.8 million	Email, name, phone, gender, password md5, Facebook ID, and token
Katapult.com	2.2 million	Email, password pbkdf2-sha256/unknown, name
Wedmegood.com	1.3 million	Email, password sha512, phone, Facebook ID
RedMart	1.1 million	Mails, mailing and billing addresses, SHA1 hashed passwords, full name, phone numbers, partial credit cards numbers
Coupontools.com	1 million	Email, password bcrypt, name, phone, gender, birthdate
W3layouts.com	789,000	Email, country, city, state, phone, name, password bcrypt, IP
Game24h.vn	779,000	Email, password md5, username, birthdate, name
Invideo.io	571,000	Email, password bcrypt, name, phone
Apps-builder.com	386,000	Email, password md5crypt, IP, name, country
Fantasycruncher.com	227,000	Email, password bcrypt/sha1, username, IP
Athletico.com.br	162,000	Email, password md5, name, CPF, birthdate
Toddycafe.com	129,000	Email, password unknown, name, phone, address

Do You Hold Any Account in These Websites?

If you have an account in one of these hacked websites, make sure to change your account password immediately, irrespective of any breach disclosure alert from the company.

Change Passwords of Accounts