Hackers Sell Company Websites Data on Dark Web

2019, Breaches, March

Who: Dubsmash, MyFitnessPal, MyHeritage, ShareThis, HauteLook, Animoto, EyeEm, 8fit, Whitepages, Fotolog, 500px, Armor Games, BookMate, CoffeeMeetsBagel, Artsy, and DataCamp.

# of Accounts Breached: 617 million Dubsmash (162 million), MyFitnessPal (151 million), MyHeritage (92 million), ShareThis (41 million), HauteLook (28 million), Animoto (25 million), EyeEm (22 million), 8fit (20 million), Whitepages (18 million), Fotolog (16 million), 500px (15 million), Armor Games (11 million), BookMate (8 million), CoffeeMeetsBagel (6 million), Artsy (1 million), and DataCamp (700,000).

What was affected: Passwords, location, personal details, and social media authentication tokens.

When it happened: February 2019

How it happened: Some 617 million online account details stolen from 16 hacked websites are on sale from today on the dark web, according to the data trove’s seller. For less than $20,000 in Bitcoin, it is claimed, the following pilfered account databases can be purchased from the Dream Market cyber-souk, located in the Tor network

Outcome: On Tuesday, February 12 500px confirmed that it was hacked. Also on Tuesday, EyeEm informed its users it had been hacked. We understand similar disclosures are due to land this week from ShareThis and others. On Wednesday, February 13, DataCamp informed us it is resetting its users’ passwords after “some user data was exposed by a third party who gained criminal unauthorized access to one of our systems.” Also on Wednesday, CoffeeMeetsBagel told us it is alerting its users to its security breach, we added a statement from MyFitnessPal, and 8fit admitted to its customers that it was hacked. On Thursday, February 14, Artsy emailed its users to confirm its internal data was stolen and put up for sale, as reported. “On February 11, 2019, we became aware that account information for some of our users was made available on the internet,” the biz wrote. “We are still investigating the precise causes of the incident, and together with our engineering team, we are working with a leading cyber forensics firm to assist us.” On Friday, February 15, ShareThis confirmed it was hacked, too. On 1 March, Armor Games ‘fessed up to a breach.