WhatsApp forces users to agree to share private data including phone number with Facebook
Hundreds of millions of stolen details from Dubsmash, MyFitnessPal, MyHeritage and other previously undisclosed data breaches were listed on Dream Market
Cyber criminals have placed 617 million hacked accounts for sale on the dark web, stemming from 16 separate data breaches.
The databases are listed on the dark web marketplace Dream Market, alongside drugs, weapons and other illicit items. Hacked websites listed include MyFitnessPal, MyHeritage and Animoto – all of which were known to have been compromised. Other sites, such as the photography network 500px, had not previously reported a breach to its security.
Depending on the breach, stolen data may include:
The data troves are listed individually on the popular dark web marketplace, each sold by the same vendor. The seller, who goes by the name 'gnosticplayers', joined the Dream Market on 6 February and currently has a five star rating, though this comes from a single buyer.
Cyber security experts have warned that the scale of the breach could drive a significant change in public sentiment towards security, especially considering that many of the listings were from previously undisclosed data breaches.
Ilkka Turunen, global director at software firm Sonatype, stated “A number of the breached sites failed to disclose the attacks, indicating that they weren’t aware of the hack, or opted not to reveal it, and thus could fall foul of GDPR and be subject to serious fines."
Other security researchers said that people should beware of their accounts being compromised, even if they no longer use any of the sites or services caught up in the latest list of data breaches.
The tendency to reuse the same email addresses and passwords across multiple platforms mean hackers can use the credentials to break into other online accounts.