A hacker dubbed Gnosticplayers, who is known for selling personal information, recently posted 26.42 million stolen user records for sale on the dark web in what he is calling a fourth round of leaks.
The threat actor has offered up for sale more than 840 million records since February 2019 and sells them in “rounds,” according to ZDNet. So far, data from 32 companies has been released in previous rounds, with information from six more companies, including game dev platform GameSalad, made available in the fourth round.
The other companies affected in the most recent dump include Brazilian bookshop Estante Virtual, scheduling software firm Coubic, Japanese scheduling app LifeBear, Indonesian e-commerce site Bukalapak, and Indonesian youth student and career site YouthManual.com.
Gnosticplayers is selling the most recent round of records for 1.2431 BTC, worth $4,931.30, on dark web marketplace Dream Market and allegedly sent emails to the compromised companies yesterday.
The hacker said the reason for selling the data was that, while the passwords aren't easy to crack, they are still vulnerable to attack.
"I got upset because I feel no one is learning," the hacker told ZDNet in an online chat earlier today. "I just felt upset at this particular moment, because seeing this lack of security in 2019 is making me angry."
In a conversation with the publication last month, Gnosticplayers said he wanted to hack and put up for sale more than one billion records and then retire and disappear with the money, but yesterday he said that is no longer his target, as he learned that other hackers have already achieved the same goal before him.
“After four rounds of user records being put up for sale by this entity, there is a clear pattern that speaks to the way we utilize personal data today,” CyberSaint Security CEO George Wrenn told SC Media.
“This data – 26M records – was obtained within just the past few months. This is not a small incident, as mass amounts of individuals' personal data is being sold.”
Wrenn added that if anyone had any doubts before, this example should convince them that data truly is the new currency.
Byron Rashed, vice president of marketing at Centripetal Networks, called the attacks a classic example of a highly skilled and motivated threat actor that has successfully infiltrated networks and exfiltrated high value data for sale in the underground economy.
“There are actually two issues,” Rashed said. “The first is organizations that fail to block or identify malicious IPs and domains. Network infiltration can be greatly mitigated by blocking these malicious sources. The second is the failure to protect [encrypt] data with strong encryption.”
Rashed added that unencrypted or weakly encrypted data lets threat actors fully monetize the caches they sell, making the data highly profitable and more attractive to potential buyers.