Data Stolen from 26 Companies Being Sold by Hacker
Last Friday, a data breach broken began selling a combined 368.8 million stolen user records from twenty-six companies on a popular hacker forum. When threat actors and hacking groups breach a company and steal their user databases, they commonly work with data breach brokers who market and sell the data for them. Brokers will then create posts on hacker forums and dark web marketplaces to market the stolen data.
Of these twenty-six companies, only eight are new alleged data breaches that have not been previously disclosed. These seven companies are Teespring.com, MyON.com, Chqbook.com, Anyvan.com, Eventials.com, Wahoofitness.com, Sitepoint.com, and ClickIndia.com. BleepingComputer was able to secure an interview with the data broker and was told that the data from Teespring is being sold for $3,800-$4,000, MyON for $2,800, and Chqbook for $1,800. The broker has not decided on pricing for the other databases.
Many of the companies involved in the data breach have confirmed the leak of their user’s data, while others have confirmed a breach but claim that user data has remained secure. A full list of the companies involved, how many records were reportedly breached, and whether the company has confirmed, can be found below.
If you have an account at any of the sites listed below, it is strongly suggested that you change your password to a strong and unique one used only at that site. If the same password has been used at other sites, change your password to a unique one there as well. Atlas Cybersecurity recommends using a password manager to keep track of strong and unique passwords at sites you have accounts.
| Company | User Records | Confirmed? |
|---|---|---|
| Teespring.com | 8.2 million | no |
| MyON.com | 13 million | no |
| Chqbook.com | 1 million | no |
| Anyvan.com | 4.1 million | no |
| Eventials.com | 1.4 million | no |
| Wahoofitness.com | 1.7 million | no |
| Sitepoint.com | 1 million | no |
| Clickindia.com | 8 million | no |
| Juspay.in | 100 million | yes |
| Knockcrm.com | 6 million | yes |
| Mindful.org | 1.7 million | yes |
| Bigbasket.com | 20 million | yes |
| Reddoorz.com | 5.8 million | yes |
| Hybris.com (SAP.com) | 4 million | SAP client data |
| Wedmegood.com | 1.3 million | yes |
| Wongnai.com | 4.3 million | yes |
| Geekie.com.br | 8.1 million | yes |
| Accuradio.com | 2.2 million | yes |
| Everything5pounds.com | 2.9 million | yes |
| Cermati.com | 2.9 million | yes |
| Netlog.com (Twoo.com) | 52 million | yes |
| Reverbnation.com | 7.8 million | yes |
| Fotolog.com | 33 million | yes |
| Pizap.com | 60 million | yes |
| ModaOperandi.com | 1.2 million | yes |
| Signlesnet.com | 16 million | yes |
Sources: