- Nick Cannon’s latest Eminem diss is not working out for him 10 Months Ago
- Conservatives want a war on porn. It’s puritanical sex values that need to go Today 7:00 AM
- The year in Meghan McCain news cycles Today 6:30 AM
- Why Tumblr is totally obsessed with 2 characters from Stephen King’s ‘It’ Today 6:00 AM
- Game developer Chucklefish accused of whitewashing characters of color Monday 5:22 PM
- Apple TV’s ‘Hala’ is a silent explosion of a coming-of-age film Monday 5:20 PM
- This new video game apparently lets you play Jesus Monday 4:02 PM
- Golden toilet creator sells world’s most expensive banana—only for another artist to eat it Monday 3:24 PM
- This new Chinese video game lets players attack Hong Kong protesters Monday 3:05 PM
- These TikTok videos that recreate NPC interactions from Skyrim are honestly incredible Monday 2:40 PM
- John Legend defends pro-consent ‘Baby It’s Cold Outside’ lyrics Monday 2:38 PM
- Video shows UC Berkeley student using racial slurs, making homophobic comments Monday 2:36 PM
- New video reveals Brother Nature instigated sandwich shop fight Monday 2:06 PM
- Lizzo’s thong dress breaks the internet Monday 1:25 PM
- Pixel Buds 2 or Apple AirPods 2: Which are right for you? Monday 1:09 PM
A hacker who made headlines this week for selling the details of more than 617 million accounts on the dark web has obtained 127 million more, bringing the total number of hacked accounts to 744 million.
As first reported by the Register Monday, the initial 617 million records, obtained from 16 hacked websites, are currently for sale on a dark web marketplace for $20,000 in bitcoin. The affected websites listed by the hacker are Dubsmash, MyFitnessPal, MyHeritage, ShareThis, HauteLook, Animoto, EyeEm, 8fit, Whitepages, Fotolog, 500px, Armor Games, BookMate, CoffeeMeetsBagel, Artsy, and DataCamp.
The data, depending on the website it was acquired from, includes everything from names, email addresses, and passwords, as well as location information and social media authentication tokens. The Register notes, however, that the passwords appear to be hashed, meaning they must be decrypted before being used, and that no financial information was among the data.
The second data set, reported on by TechCrunch Thursday, includes 127 million records from an additional eight websites. Those services are Ixigo, YouNow, Houzz, Ge.tt, Coinmama, Roll20, Stronghold Kingdoms, and PetFlow. Some of the websites, including Ixigo and PetFlow, used outdated algorithms to scramble and store passwords, meaning hackers will have little difficulty in cracking them open.
Although information from each website is being sold separately, the total asking price for the second data set is roughly $14,500 in bitcoin.
Several of the companies listed among the 744 million records have confirmed breaches, leading experts to conclude that the data is genuine. Anyone who has ever had an account with any of the aforementioned services is advised to change their passwords. Given that many individuals reuse passwords, hackers will undoubtedly test the hacked login credentials on other services such as Gmail and Facebook as well.
Users should also enable two-factor authentication on all services where it’s available, which will protect them even if their password is stolen. Using a password manager, which allows you to create and store unique and strong passwords, can also protect users against issues related to password reuse. For added protection, sign up for the free service from HaveIBeenPwned, a website which will alert you when your email shows up in a data breach.
Mikael Thalen is a tech and security reporter based in Seattle, covering social media, data breaches, hackers, and more.