# 127 million user records from 8 companies put up for sale on the dark web

**[zdnet.com/article/127-million-user-records-from-8-companies-put-up-for-sale-on-the-dark-web/](https://www.zdnet.com/article/127-million-user-records-from-8-companies-put-up-for-sale-on-the-dark-web/)**

[Home Innovation Security](https://www.zdnet.com/)
The same individual sold 620 million user accounts from 16 other companies earlier this week.

Written by Catalin Cimpanu, Contributor on Feb. 14, 2019

An individual who earlier this week was selling 620 million user records stolen from 16 companies has now put up a second batch of hacked
data totaling 127 million, originating from eight companies.

The data is currently being sold on Dream Market, a dark web marketplace where crooks sell an assortment of illegal products, such as user
data, drugs, weapons, malware, and others.

The individual selling the data goes by the name of Gnosticplayers, and it's currently unclear if they're the one/ones who hacked the 24
companies, or just a third-party who purchased the data from the real hacker and is now re-selling it for a bigger profit.

[According to tech news site TechCrunch, who first reported this new batch of hacked accounts going for sale on Dream Market, Gnosticplayers](https://techcrunch.com/2019/02/14/hacker-strikes-again/)
is asking for roughly four bitcoin, which is about $14,500 in fiat currency. Prices vary depending on the quality of the user data and the difficulty
in cracking password hashes.

This second batch of hacked accounts includes data from the following companies:


**Breach**
**date**


**Price**


**Company**


**DB**
**size**


**Content**


-----

Ge.tt (file sharing
service)

Ixigo (travel and hotel
booking)

Roll20.net (gaming)

Houzz (interior
design)

Coinmama
(cryptocurrency
exchange)

Younow (live
streaming)


1.83
Mil

18
Mil

4
Mil

57
Mil

0.42
Mil

40
Mil


2017/12

2019/01/01

2019/01/01

2018/07

2017/08/02

2017/10

2018/09

2017


฿0.16

฿0.262

฿0.0582

฿2.91

฿0.3497

฿0.131

฿0.291

฿0.1777


firstname, lastname, password hash (SHA256), Facebook ID, referer

password hashes (MD5), full name, Facebook URL, IP address, username, email,
and, for some users even the passeport ID number, passeport name etc

name, email, passwords (bcrypt), nickname, gaming data, some redacted financial
data, server log data

email, password (SHA256), registration date, name

email, password (PHPASS), other unspecified

username, email, password (HMAC-RIPEMD160), profile stats, gaming data,
SteamID

email, username, password (MD5), other undisclosed data


StrongHoldKingdoms
(gaming) 5
Mil

Petflow (pet food
delivery) 1
Mil


-----

Dream Market data


Image: ZDNet
[Of the companies listed above, Houzz had already come clean about its data breach last week. The other seven companies did not publicly](https://help.houzz.com/s/article/security-update?language=en_US)
reveal any security breaches before the publication of today's ads.

[This new batch of stolen databases comes after earlier this week, the same Dream Market user was selling the following user databases from](https://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/)
16 other companies:


**Company**


**DB**
**size** **Breach date** **Price** **Content**


Dubsmash (video sharing) 161.5
Mil

500px (image hosting) 14.8
Mil


2018/12 ฿0.549 user ID, password (SHA256), username, email, language, country, more

2018/07 ฿0.217 username, email, password (MD5, SHA512, or bcrypt), first and last name,
birth date, gender, city, country


-----

EyeEm (image hosting) 22.3
Mil

8fit (fitness app) 20.1
Mil

Fotolog (photo app) 16
Mil


Animoto (video editing
service)

MyHeritage (family
genealogy service)

MyFitnessPal
(UnderArmor's fitness
app)


25.4
Mil

92
Mil

150
Mil


2018/02 ฿0.289 email and password (SHA1)

2018/07 ฿0.2025 email, password (bcrypt), country, country code, Facebook token, Facebook
profile picture, name, gender, and IP address

2018/12 ฿0.52 email, password (SHA256), security question and answer, name, location,
various profile data

2018 ฿0.318 username, password hash (256), email, country, full name, and date of birt

2017/10 ฿0.549 email, password hash (256), account creation date

2018/02 ฿0.289 user ID, username, email, password hash (SHA1) with a fixed salt, IP
address


Artsy (art sharing portal) 1 Mil 2018/04 ฿0.0289 email, name, IP addresses, location, and password (SHA256)


Armor Games (online
gaming)

Bookmate (e-book and
audiobook app)

CoffeeMeetsBagel (dating
app)

DataCamp (coding
platform)

HauteLook (online
shopping)

ShareThis (social sharing
widegt)

WhitePages (online phone
book)


11
Mil


0.7
Mil

28
Mil

41
Mil

17.7
Mil


2018/12 ฿0.2749 username, email, password (SHA256), date of birth, gender, location, and
profile data


8 Mil 2018/07 ฿0.159 username, email, password (SHA512 or bcrypt), gender, date of birth, and
profile data


6 Mil late 2017 to
mid-2018


฿0.13 full name, email, age, registration date, and gender


2018/12 ฿0.013 email, password (bcrypt), location, and profile data

2018 ฿0.217 email, password (bcrypt), and name

2018/07 ฿0.217 name, username, email, password (DES), gender, date of birth, and profile
data

late 2017 ฿0.434 name, email, password (SHA1 or bcrypt)


[Animoto,](https://techcrunch.com/2018/08/20/animoto-hack-exposes-personal-information-geolocation-data/) [MyFitnessPal and](https://www.zdnet.com/article/under-armour-reports-150-million-myfitnesspal-accounts-hacked/) [MyHeritage previously disclosed breaches last year.](https://www.zdnet.com/article/92-million-accounts-for-dna-testing-site-myheritage-found-online/) [DataCamp, 500px,](https://www.zdnet.com/article/data-breach-confirmed-by-500px-with-partial-user-data-hit/) [Dubsmash,](https://dubsmash.com/user-notice) [EyeEm,](https://twitter.com/ryanzhiyou/status/1095442154665566208) [Artsy,](http://www.artnews.com/2019/02/14/artsy-data-stolen-security-incident/) [8fit, and](https://8fit.zendesk.com/hc/en-us/articles/360017746394-Notice)
[CoffeeMeetsBagel confirmed this week that they've been breached as well, giving credence to the seller's boast that this is real data and not](https://twitter.com/donie/status/1096037267041337344)
just a scam.

These 16 databases are no longer available for sale now. Gnosticplayers said he took them down after buyers complained that a prolonged
sale would eventually lead to some of these databases leaking online, and becoming available to everyone.

_More updates to follow as we're still looking at the data._

**Data leaks: The most common sources**

## More data breach coverage:


-----