[BreachExchange] Gnosticplayers dumps 26 million company records for sell in fourth round dump

Destry Winant destry at riskbasedsecurity.com
Thu Mar 21 01:30:34 EDT 2019


A hacker dubbed Gnosticplayers, who is known for selling personal
information, recently posted 26.42 million stolen user records for
sale on the dark web in what he is calling a fourth round of leaks.

The threat actor has previously offered up for sell more than 840
million records since February 2019  and sells them in “rounds,”
according to ZDNet. So far, data from 32 companies has been released
in previous rounds with information from six more companies, including
game dev platform GameSalad, made available in the fourth round.

The other companies affected in the most recent dump  include
Brazilian bookshop Estante Virtual, scheduling software firm Coubic ,
Japanese scheduling app LifeBear, Indonesian e-commerce site
Bukalapak, and Indonesian youth student and career site

Gnosticplayers is selling the most recent round of records for 1.2431
BTC worth $4,931.30 on dark web marketplace Dream Market and allegedly
sent emails to the compromised companies yesterday.

The hacker said their reasoning for selling the data was because while
passwords aren’t easy to crack, they are still vulnerable to attack.

“I got upset because I feel no one is learning,” the hacker told ZDNet
in an online chat earlier today. “I just felt upset at this particular
moment, because seeing this lack of security in 2019 is making me

In a conversation with the publication last month Gnosticplayers said
he wanted to hack and put up for sale more than one billion records
and then retire and disappear with the money but yesterday said that
is not his target anymore, as he learned that other hackers have
already achieved the same goal before him.

“After four rounds of user records being put up for sale by this
entity, there is a clear pattern that speaks to the way we utilize
personal data today,” CyberSaint Security CEO George Wrenn told SC

“This data – 26M records – was obtained within just the past few
months. This is not a small incident, as mass amounts of individuals’
personal data is being sold.

Wrenn added that this example should convince them that data truly is
the new currency if anyone had any doubts before.

Byron Rashed, vice president of marketing at Centripetal Networks,
called the attacks a classic example of a highly skilled and motivated
threat actor that has successfully infiltrated networks and
exfiltrated high value data for sale in the underground economy.

“There are actually two issues,” Rashed said. “The first is
organizations that fail to block or identify malicious IPs and
domains. Network infiltration can be greatly mitigated by blocking
these malicious sources. The second is the failure to protect
[encrypt] data with strong encryption.”

Rashed added that unencrypted or weakly encrypted data lets threat
actors fully monetize the caches he is selling, making it highly
profitable and more attractive to potential buyers.

More information about the BreachExchange mailing list