# Round 4: Hacker returns and puts 26Mil user records for sale on the Dark Web **[zdnet.com/article/round-4-hacker-returns-and-puts-26mil-user-records-for-sale-on-the-dark-web/](https://www.zdnet.com/article/round-4-hacker-returns-and-puts-26mil-user-records-for-sale-on-the-dark-web/)** [Home Innovation Security](https://www.zdnet.com/) Gnosticplayers returns with new user records, most of which he obtained by hacking companies last month. Written by Catalin Cimpanu, Contributor on March 17, 2019 A hacker who has previously put up for sale over 840 million user records in the past month, has returned with a fourth round of hacked data that he's selling on a dark web marketplace. This time, the hacker has put up for sale the data of six companies, totaling 26.42 million user records, for which he's asking 1.2431 bitcoin ($4,940). The hacker's name is Gnosticplayers, and since February 11 the hacker has put up for sale data for 32 companies in three rounds [stories on [Round 1,](https://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/) [Round 2, and](https://techcrunch.com/2019/02/14/hacker-strikes-again/) [Round 3] on Dream Market, a dark web marketplace.](https://www.zdnet.com/article/hacker-puts-up-for-sale-third-round-of-hacked-databases-on-the-dark-web/) [Today, the hacker published a new batch of files from six new companies, namely game dev platform GameSalad, Brazilian book store Estante](https://gamesalad.com/) [Virtual, online task manager and scheduling apps Coubic and](https://coubic.com/) [LifeBear, Indonesia e-commerce giant Bukalapak, and Indonesian student](https://lifebear.com/) [career site YouthManual.](https://www.youthmanual.com/) **Breach** **date** **Price** **Content** **Company** GameSalad (game dev platform) Estante Virtual (Brazilian book shop) **DB** **size** 1.5 Mil 5.45 Mil 2019/02 2019/02 ฿0.0785 ฿0.2618 email, password (SHA1/SHA256), username, IP address name, username, password (SHA1), address, email, phone number ----- Coubic (scheduling software) LifeBear (Japanese scheduling app) Bukalapak (Indonesian e-commerce site) YouthManual.com (Indonesian youth student and career site) 1.5 Mil 3.86 Mil 13 Mil 1.12 Mil 2019/02 2019/02 2017/07 2019/02 ฿0.157 ฿0.2618 ฿0.34 ฿0.144 name, email, password (SHA256) email, password (MD5), username, event details, app settings username, name, email, password hash (SHA512+salt), shopping details, IP adress, other name,email, password hash (SHA1+salt), hobbies, education, other Gnosticplayers Round 4 Image: ZDNet _ZDNet has reached out to the allegedly hacked companies with emails earlier today. It is worth mentioning that many of the companies whose_ data Gnosticplayers has sold in the previous three rounds have already confirmed breaches. ----- Coub c etu ed co e t a d sa d t as est gat g t e b eac So d d e ea, c ad tted t at t as ost e y t at t se e s got hacked, but the company is still investigating. [UPDATE: _[Bukalapak,](https://www.bukalapak.com/blog/feature-updates/petunjuk-teknis-105502)_ _[Coubic and](https://www.company.coubic.com/single-post/securityIncident20190319)_ _[LifeBear have publicly acknowledged the hacks.]](https://lifebear.com/announcement/SecurityIncident_190318_01)_ The difference between Round 4 and the previous three rounds is that five of the six databases Gnosticplayers put up for sale were acquired during hacks that have taken place last month, February 2019. The hacker said that he put up the data for sale mainly because these companies had failed to protect passwords with strong encryption algorithms like bcrypt. Most of the hashed passwords the hacker put up for sale today can cracked with various levels of difficulty --but they can be cracked. "I got upset because I feel no one is learning," the hacker told ZDNet in an online chat earlier today. "I just felt upset at this particular moment, because seeing this lack of security in 2019 is making me angry." In a conversation with ZDNet last month, the hacker told us he wanted to hack and put up for sale more than one billion records and then retire and disappear with the money. But in a conversation today, the hacker says this is not his target anymore, as he learned that other hackers have already achieved the same goal before him. Gnosticplayers also revealed that not all the data he obtained from hacked companies had been put up for sale. Some companies gave into extortion demands and paid fees so breaches would remain private. "I came to an agreement with some companies, but the concerned startups won't see their data for sale," he said. " I did it that's why I can't publish the rest of my databases or even name them." _Article updated with Coubic and LifeBear responses._ **Data leaks: The most common sources** ## More data breach coverage: -----