Revengeful hacker leaks database info after researcher threatens to reveal identities

A hacker going by the name of NightLion apparently breached the backend servers at data leak monitoring service DataViper and exfiltrated data, including more than 8,200 databases, as an act of revenge against a security researcher who plans to reveal the identity of Shiny Hunters, Gnostic Players, #TheDarkOverlord and other subgroups.

DataViper, managed by Night Lion Security researcher Vinny Toia, collected the databases, which included information on billions of users whose information had leaked during security breaches of other companies.

“I can’t imagine who would want to discredit me only 3 days before I give a talk linking them to 40% of all non CC breaches since 2017,” Troia tweeted late Sunday.

Troia has been teasing a virtual conference scheduled for Wednesday and an accompanying report that he says will reveal the identities of notorious hacking groups -- provoking them to tap DataViper’s data coffers and drawing sneers from Troia, who noted that people who think they’re above the law “get sloppy” and “forget to look at their own historical mistakes.”

Calling the actions those “of scared little boys pushed up against a wall facing the loss of their freedom,” Troia said in a statement to ZDNet, “All they had access to was a dev environment. Much like the grey Microsoft hack which they recently took credit for, all they had was some source code that turned out to be nothing special, but they hyped it anyway hoping to get people's attention.”

He noted that in his book, he detailed a scenario “where I allowed them to gain accessed to my web server in order to get their IPs,” stressing “they haven’t learned.”

The DataViper "'hack,'” he tweeted, “only proves that I have struck a nerve and” that his upcoming talk “is spot on.”

"This hack exemplifies how no organization is safe from a potential data breach,” said Ray Kelly, principal solutions architect and alliances at WhiteHat Security, adding that in this case, it appears “a cybersecurity firm failed to detect a malicious actor inside their network for several months.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.