An opportunist using the name “DoubleFlag” has put the recently hacked BitcoinTalk.org’s database up for sale on the dark web, according to Hackread. The same seller has also offered 68 million hacked hashed passwords of Dropbox users.
In May 2015, BitcoinTalk was the victim of a social engineering attack after an unknown hacker targeted an employee of NFOrce, BitcoinTalk’s ISP. In a revelation on Reddit at the time, forum operator and administrator Theymos hinted that password hashes, private messages, emails and other user details could be compromised.
User Data Exposed
As it turns out, the data dump containing stolen BitcoinTalk users’ information includes usernames, email addresses, passwords, users’ birthdays, secret questions and their corresponding hashed secret answers and other internal data.
While the hack occurred in May 2015, the stolen data was leaked only a couple of days ago from unknown sources.
“DoubleFlag” grabbed the data before anyone else could. The leaked data was only accessible to data breach notification sites like Hacked-DB and LeakedSource.
BitcoinTalk Database For 1 BTC
BitcoinTalk’s database is going for 1 BTC ($614.67 USD). The file contains 514,408 accounts, including email address, personal text number, date of birth, username, gender, website title, password and location. The passwords are encrypted. There are 469,540 passwords encrypted with the SHA-256 algorithm, plus 44,868 passwords encrypted with the SMF password encryption.
Notably, the remaining 91% of user passwords were hashed with “sha256crypt,” a method of password storage that LeakedSource deemed as “far superior to nearly every website we’ve seen thus far.” That’s high praise, coming from a resource that frequently reveals details of data breaches, at a time when mega-breaches of hundreds of millions of users are commonplace.
LeakedSource was able to crack 30,389 passwords in total.
Seller Shares Sample Data
The dark web seller also shared sample data of more than 600 accounts with Hackread from the database.
While the leaked passwords are encrypted, decrypting them is not expected to be difficult.
Hackers stole and sold 427 million MySpace passwords earlier this year on the same dark web marketplace. In May 2016, 33 million Twitter and 117 million LinkedIn login credentials were listed on a dark web marketplace for sale.
https://www.cryptocoinsnews.com/hacked-bitcointalk-org-user-data-goes-up-for-sale-on-dark-web/