{
	"id": "9f010dad-62b4-4511-a620-21be00b3e76b",
	"created_at": "2026-04-06T00:14:55.711177Z",
	"updated_at": "2026-04-10T13:11:59.932066Z",
	"deleted_at": null,
	"sha1_hash": "6b32bfc30566a6f6f57b1b956dfe6b9023c9b8cd",
	"title": "Round 4: Hacker returns and puts 26Mil user records for sale on the Dark Web",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 613136,
	"plain_text": "Round 4: Hacker returns and puts 26Mil user records for sale on\r\nthe Dark Web\r\nBy Written by Catalin Cimpanu, ContributorContributor March 17, 2019 at 11:15 a.m. PT\r\nArchived: 2026-04-05 13:39:52 UTC\r\nA hacker who has previously put up for sale over 840 million user records in the past month, has returned with a\r\nfourth round of hacked data that he's selling on a dark web marketplace.\r\nThis time, the hacker has put up for sale the data of six companies, totaling 26.42 million user records, for which\r\nhe's asking 1.2431 bitcoin ($4,940).\r\nThe hacker's name is Gnosticplayers, and since February 11 the hacker has put up for sale data for 32 companies\r\nin three rounds [stories on Round 1, Round 2, and Round 3] on Dream Market, a dark web marketplace.\r\nToday, the hacker published a new batch of files from six new companies, namely game dev platform GameSalad,\r\nBrazilian book store Estante Virtual, online task manager and scheduling apps Coubic and LifeBear, Indonesia e-commerce giant Bukalapak, and Indonesian student career site YouthManual.\r\nCompany\r\nDB\r\nsize\r\nBreach\r\ndate\r\nPrice Content\r\nGameSalad (game dev\r\nplatform)\r\n1.5\r\nMil\r\n2019/02 ฿0.0785\r\nemail, password (SHA1/SHA256),\r\nusername, IP address\r\nEstante Virtual (Brazilian book\r\nshop)\r\n5.45\r\nMil\r\n2019/02 ฿0.2618\r\nname, username, password (SHA1),\r\naddress, email, phone number\r\nCoubic (scheduling software)\r\n1.5\r\nMil\r\n2019/02 ฿0.157 name, email, password (SHA256)\r\nLifeBear (Japanese scheduling\r\napp)\r\n3.86\r\nMil\r\n2019/02 ฿0.2618\r\nemail, password (MD5), username,\r\nevent details, app settings\r\nBukalapak (Indonesian e-commerce site)13\r\nMil\r\n2017/07 ฿0.34\r\nusername, name, email, password hash\r\n(SHA512+salt), shopping details, IP\r\nadress, other\r\nYouthManual.com (Indonesian\r\nyouth student and career site)\r\n1.12\r\nMil\r\n2019/02 ฿0.144\r\nname,email, password hash\r\n(SHA1+salt), hobbies, education, other\r\nhttps://www.zdnet.com/article/round-4-hacker-returns-and-puts-26mil-user-records-for-sale-on-the-dark-web/\r\nPage 1 of 3\n\nImage: ZDNet\r\nZDNet has reached out to the allegedly hacked companies with emails earlier today. It is worth mentioning that\r\nmany of the companies whose data Gnosticplayers has sold in the previous three rounds have already confirmed\r\nbreaches.\r\nCoubic returned comment and said it was investigating the breach. So did LifeBear, which admitted that it was\r\n\"most likely\" that it servers got hacked, but the company is still investigating. [UPDATE: Bukalapak, Coubic and\r\nLifeBear have publicly acknowledged the hacks.]\r\nThe difference between Round 4 and the previous three rounds is that five of the six databases Gnosticplayers put\r\nup for sale were acquired during hacks that have taken place last month, February 2019.\r\nThe hacker said that he put up the data for sale mainly because these companies had failed to protect passwords\r\nwith strong encryption algorithms like bcrypt.\r\nMost of the hashed passwords the hacker put up for sale today can cracked with various levels of difficulty --but\r\nthey can be cracked.\r\nhttps://www.zdnet.com/article/round-4-hacker-returns-and-puts-26mil-user-records-for-sale-on-the-dark-web/\r\nPage 2 of 3\n\n\"I got upset because I feel no one is learning,\" the hacker told ZDNet in an online chat earlier today. \"I just felt\r\nupset at this particular moment, because seeing this lack of security in 2019 is making me angry.\"\r\nIn a conversation with ZDNet last month, the hacker told us he wanted to hack and put up for sale more than one\r\nbillion records and then retire and disappear with the money.\r\nBut in a conversation today, the hacker says this is not his target anymore, as he learned that other hackers have\r\nalready achieved the same goal before him.\r\nGnosticplayers also revealed that not all the data he obtained from hacked companies had been put up for sale.\r\nSome companies gave into extortion demands and paid fees so breaches would remain private.\r\n\"I came to an agreement with some companies, but the concerned startups won't see their data for sale,\" he said. \"\r\nI did it that's why I can't publish the rest of my databases or even name them.\"\r\nArticle updated with Coubic and LifeBear responses.\r\nData leaks: The most common sources\r\nMore data breach coverage:\r\nCompanies are leaking sensitive files via Box accounts\r\nCitrix discloses security breach of internal network\r\n'Yelp for conservatives' MAGA app leaks users data\r\nDatabase leaks 250K legal documents, some marked 'not designated for publication'\r\nChinese hacking group backdoors products from three Asian gaming companies\r\nSaudi caller ID app leaves data of 5+ million users in unsecured MongoDB server\r\nMassive breach leaks 773 million email addresses, 21 million passwords CNET\r\nHackers turn to data theft and resale on the Dark Web for higher payouts TechRepublic\r\nSource: https://www.zdnet.com/article/round-4-hacker-returns-and-puts-26mil-user-records-for-sale-on-the-dark-web/\r\nhttps://www.zdnet.com/article/round-4-hacker-returns-and-puts-26mil-user-records-for-sale-on-the-dark-web/\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MISPGALAXY",
		"Malpedia",
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.zdnet.com/article/round-4-hacker-returns-and-puts-26mil-user-records-for-sale-on-the-dark-web/"
	],
	"report_names": [
		"round-4-hacker-returns-and-puts-26mil-user-records-for-sale-on-the-dark-web"
	],
	"threat_actors": [
		{
			"id": "1609af91-e258-4058-9caa-59e7d171aecb",
			"created_at": "2022-10-25T16:07:24.491691Z",
			"updated_at": "2026-04-10T02:00:05.008935Z",
			"deleted_at": null,
			"main_name": "Gnosticplayers",
			"aliases": [],
			"source_name": "ETDA:Gnosticplayers",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "56d15cc7-f9c1-451f-bdde-8c283e3cf15b",
			"created_at": "2023-01-06T13:46:39.015288Z",
			"updated_at": "2026-04-10T02:00:03.181411Z",
			"deleted_at": null,
			"main_name": "Gnosticplayers",
			"aliases": [],
			"source_name": "MISPGALAXY:Gnosticplayers",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434495,
	"ts_updated_at": 1775826719,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/6b32bfc30566a6f6f57b1b956dfe6b9023c9b8cd.pdf",
		"text": "https://archive.orkl.eu/6b32bfc30566a6f6f57b1b956dfe6b9023c9b8cd.txt",
		"img": "https://archive.orkl.eu/6b32bfc30566a6f6f57b1b956dfe6b9023c9b8cd.jpg"
	}
}