Nearly 1 billion user profiles fall into the hands of hackers

According to ZDNet, a hacker with the nickname Gnintoplayers has revealed to the technology news website in February that he wants to post data of more than 1 billion user profiles for sale on the black market. ZDNet experts have begun to verify the information and they found that the hacker actually revealed information about nearly 65.5 million personal user records he took last week. Thus, it can be understood that the number of actual user profiles that this person is holding is still much greater, and the number of 'crazy' 1 billion user profiles that have been stolen is not nonexistent. basis.

1. Malicious ad campaigns abuse Chrome to steal 500 million iOS user sessions

In addition, Gnintoplayers is also said to be responsible for hacks involving 44 organizations and businesses around the world, and since the middle of February this year, this person has also started some activities. promote the sale of illegal products, such as weapons, drugs and hacking tools on some black websites.

Returning to the case of nearly 1 billion user profiles falling into the hands of hackers, security researchers have discovered that the majority of data stolen and sold by large companies operates in many fields. Different, can be mentioned as UnderArmor, 500px, Share This, GfyCat and MyHeritage. This amount of data was released by the attacker in four stages. The first phase is called Round 1 with 620 million user profiles affected, Round 2 includes 127 million user profiles, Round 3 is 93 million user profiles, and Round 4's number is 26.5 million user profiles.

In the latest release, hackers have revealed that 65.5 million user profiles this time were stolen from 6 companies, including: Game platform Mindjolt, Wanelo digital center, email platform and RSVP Evite, Korean tourism company Yanolja, Moda Operandi women's fashion store and Apple iCracked repair center.

1. Adblock Plus filter can be exploited to run malicious code

ZDNet then contacted each of the companies named to confirm the information, most of them said there was a loss as well as a vulnerability in their user data management system. Thus, this new 'batch' of stolen data is also likely to be authenticated.

In a related move, the administrators of Dream Market had to decide to close their markets after being "bombarded" by near-constant DDoS attacks as well as asking for ransom.

Obviously the motive behind the project of Gnosticplayers stealing 1 billion user profiles is not simply because of money like many other attacks. Cyber ​​criminals like Gnintoplayers are part of what is known as the underground community of hackers and data hoards, hiding in some hidden corner of the internet world that is full of pitfalls. .

1. 25% of "out-of-the-box" phishing emails are the default security of Office 365

This is a lucrative business and the majority of these hackers cannot publicly sell the data they steal on the public trading markets like Dream Market. The reason lies in the fact that although it is stored on the black web, Dream Market is basically an open space, full of presence of law enforcement agencies, filled with journalists as well as employees of many major network security companies around the world.

Therefore, anyone who is intelligent enough to know that the sale of stolen data in such a public space is an act of 'putting yourself in jail', 'bowing to my grandfather in this dust'. Gnosticplayers obviously understands this, so it doesn't rule out that this hacker is trying to garner a reputation like hackers like Peace_of_Mind (also known as Peace).

1. Reveal personal data of more than 1.3 million people from a vulnerability in web application

With more than 932 million user profiles already available and sold on Dream Market, Gnosticplayers' floating data is a big threat, as it can be used to significantly support the capabilities of botnets, which allow for current login information with new login combinations.

Moreover, although initially managed quite well, however, many databases that Gnintoplayers advertised on Dream Market are gradually entering the public domain, similar to how Peace_of_Mind's original data leaked before.