[BreachExchange] Database of dark web host with 7600 websites leaked by KingNull

Destry Winant destry at riskbasedsecurity.com
Wed Jun 3 09:34:22 EDT 2020


The dark web hosting firm known as Daniel’s Hosting was under cyber
attacks since 2018.

In November 2018, Daniel’s Hosting, a dark web hosting service
suffered a cyberattack resulting in 6500 of the websites hosted on it
to go offline. Although it recovered from that attack, it suffered
another one back in March this year when its entire database was

Following this, the owner, Daniel Winzen decided to shut down the
service in its entirety, at least temporarily to see how things work

However, just recently, it has been revealed that the entire database
has been dumped online by an attacker named KingNull. Uploaded on a
file hosting service, the data contains:

3,671 email addresses
7,205 passwords of user accounts
8,580 private keys of dark web domains.

Although no IP address information was found, the data contains
confidential information on both the owners and the users of the
respective dark web domains. This naturally presents several
challenges for the victims – the good ones & the bad ones.

To start with the good ones, there are many websites on the dark web
that are built with the purpose of speaking against oppressive
governments in the form of whistleblowing or otherwise (apologies if
you thought it was limited to Wikileaks) Yet, if the data of such
sites is leaked, their site owners and respective users can be traced
and taken revenge off.

Regarding the bad ones consisting of malicious or criminal content,
this will help law enforcement agencies not only trace such site
owners but also offending users who may have engaged in such

To borrow a bit from our analysis of DH’s previous attack in March,
over 450 websites using the host dealt with malware whereas numerous
others hosted illegal content in the form of counterfeit products and
carding services.

In response, breach monitoring service Under The Breach told ZDNet in
a statement that “the leaked data can be used to tie the owners of
leaked email addresses to certain dark web portals”.

Nonetheless, a common threat may haunt both of the above. That is,
even if these websites were moved to another hosting service, if users
continued without setting new passwords, this can make it easier for
hackers to tap into their accounts with the help of the hashed
passwords obtained from the leak by cracking them.

To conclude, this presents another dark side of the dark web – a lack
of security mechanisms to safeguard the very structure on which
websites are run there. This, we believe remains a major impediment
for small digital businesses who may want to grant their users a safe
presence on the dark web but cannot do so for these reasons.

For the time being, no information is available as to whether the
leaked data will be indexed on any breach notification service so in
the case that one of our readers had any link with Daniel’s hosting,
it is recommended that they change their passwords and try to use a
pseudonym to avoid getting traced for political activities.

More information about the BreachExchange mailing list