617 million accounts

One of the biggest issues of the digital age is data theft, we have seen in the recent time that some of the top companies like Facebook and Google have faced the issue of a customer database. As per the recent reports 617 million accounts, hacked websites are reportedly being sold on the dark Web. Belonging to websites and apps like Dubsmash, MyFitnessPal, 500px, and ShareThis, the hacked account information is said to include names, email addresses, and encrypted passwords. Part of the data dump also includes location information, social media authentication tokens, and personal details. After the publication of the leaked news by a website, a number of the hacked websites have confirmed the breaches, giving credibility to the complete data dump.

The affected 617 million accounts consist of video messaging application Dubsmash (162 million accounts affected); health apps MyFitnessPal (151 million) and 8fit (20 million); genealogy platform MyHeritage (92 million); content sharing service ShareThis (41 million); Nordstrom’s member-only shopping website HauteLook (28 million); cloud-based video creation service Animoto (25 million); photography sites EyeEm (22 million), Fotolog (16 million) and 500px (15 million); online directory Whitepages (18 million); game portal website Armor Games (11 million); e-book subscription service BookMate (8 million); dating site CoffeeMeetsBagel (6 million), art appreciation website Artsy (1 million); and online learning platform DataCamp (700,000).

Also Read:  WhatsApp Dark Mode first glimpse revealed in a concept image

According to The Register, MyFitnessPal, Animoto, and MyHeritage each disclosed a data breach last year that corresponds to this latest incident, while the remaining websites have not (possibly because they were unaware they were victimized).

Compromised data primarily consists of individuals’ names, email addresses and hashed or encrypted passwords. But depending on the website, other lifted information includes usernames, IP addresses, birthdays, locations, countries, language, interests, account creation dates and security questions and answers. Presumably, cybercriminals who engage in spamming and credential stuffing campaigns would be able to make use of this information.

“Leaked credentials leave people vulnerable to account hijacking across all services where they recycle their usernames and passwords,” said Anurag Kahol, CTO and founder of Bitglass. Unfortunately, this includes the corporate accounts they use for work purposes, meaning that their employers are also put at risk by their careless password habits.”

Stephan Chenette, CTO and co-founder of AttackIQ, agreed, noting, “It is quite common for people to reuse the same login credentials for accounts across a wide range of services in different industries including the financial, healthcare, retail and education verticals. If a malicious actor was able to obtain the email address and crack a hashed password for just one of these accounts, they could potentially gain access to multiple accounts with sensitive information.”

Also Read:  Moto G7 Spotted on benchmarking site Geekbench

Reportedly, the seller has set the value of the entire 617 million accounts data set at approximately $20,000, but is offering each website’s data individually. At least one buyer purchased the Dubsmash data set, according to the seller, who says he (or she) stole the data by exploiting web app vulnerabilitie.

“The bulk of these credentials were acquired from data breaches that occurred during 2018, meaning that the companies affected, such as Dubsmash, may face fines up to four percent of annual global turnover or €20 million under GDPR for compromising the information of EU citizens,” said Jonathan Bensen, interim CISO at Balbix. “What is concerning is that several breached sites failed to disclose these attacks, demonstrating that the companies either were unaware or decided to not reveal the incidents.”

For the latest news from the smartphone market, containing leaks, launch, development and much more follow Viral Mobile Tech on Facebook and Twitter.

About Admin

Khushbu is chief editor of Viral Mobile Tech & App Gyaan, she is professionally a CA and tech enthusiasts, her USP is to judge the things with magnifying glass, her love other than technology & tax is eating.

You can reach her on khushbu@appgyaan.com.

Similar Posts