Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Data Stolen From 945 Websites Emerges on Dark Web

SQL databases allegedly stolen from 945 websites have emerged on the Dark Web, potentially impacting tens of millions of people, Lucy Security reports.

The collection contains information from a variety of sites worldwide, which appear to have been breached by different hackers, but not by the entity offering them on the Dark Web.

SQL databases allegedly stolen from 945 websites have emerged on the Dark Web, potentially impacting tens of millions of people, Lucy Security reports.

The collection contains information from a variety of sites worldwide, which appear to have been breached by different hackers, but not by the entity offering them on the Dark Web.

On June 1 and June 10, the threat actor released two databases containing a total of 150 GB of unpacked SQL files, Lucy Security reveals.

The offered files include a broad range of personal data, including full names and phone numbers, emails, usernames, hashed and non-hashed passwords, IP addresses, and physical addresses, along with other information.

“The entity who collected and shared the databases on the dark web claims to have gathered these so-called ‘private’ databases without having committed any hacking by themselves, yet they also claim to possess even more databases, which they are planning to share or sell to the highest bidder,” Lucy Security says.

The targeted websites appear to have less than one million visitors each, based on their Alexa rankings, the security firm also notes.

The Lucy researchers who analyzed the databases reveal that the collection contains entire SQL dumps of the targeted sites, dated between 2017 and 2020. According to them, roughly 14 million users are impacted.

The researchers also identified 14 governmental sites in the collection. These belong to Ukraine, Israel, UK, Belarus, Russia, Lebanon, Rwanda, Pakistan and Kyrgyzstan.

Advertisement. Scroll to continue reading.

Lucy says that the new data does not appear to be linked to Collection #1, the massive collection of 773 million records that were amassed from different sources and was shared online in January last year.

“This is an entirely new threat; none of the databases were known to the public before,” Lucy says.

Related: Researchers Identify Hacker Behind Massive Data Breach Collection

Related: Security Breach Impacts State Police Database

Related: Design Marketplace Minted Confirms Recent Data Breach

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.