- Reddit Relationships: Man laughs at girlfriend for using Microsoft PowerPoint during sex Thursday 8:59 PM
- The 15 Brad Pitt movies you need to see now, ranked Thursday 8:26 PM
- Facebook could face legal action over the Area 51 event Thursday 6:50 PM
- How to stream Texans vs. Chargers in NFL Week 3 action Thursday 6:40 PM
- Tekashi 69 alleges Cardi B was a Bloods gang member Thursday 5:55 PM
- Right-wing sites falsely claimed group of Somalis attacked man in viral video Thursday 5:00 PM
- Big creators risk losing checkmarks amid YouTube verification purge Thursday 4:56 PM
- How to stream Eagles vs. Lions in NFL Week 3 action Thursday 4:52 PM
- How to stream Steelers vs. 49ers in NFL Week 3 action Thursday 4:10 PM
- How to stream Bills vs. Bengals in NFL Week 3 action Thursday 4:03 PM
- Colt halts production of AR-15s for civilians Thursday 3:45 PM
- If you love long-winded, hashtag-heavy Instagram captions, these apps can help Thursday 2:54 PM
- Teen girls on TikTok have convinced the internet that they eat their tampons Thursday 2:33 PM
- Twitch streamer faces criticism for trying to defend racist jokes Thursday 2:03 PM
- How to stream Raiders vs. Vikings in Week 3 Thursday 12:55 PM
A hacker who made headlines this week for selling the details of more than 617 million accounts on the dark web has obtained 127 million more, bringing the total number of hacked accounts to 744 million.
As first reported by the Register Monday, the initial 617 million records, obtained from 16 hacked websites, are currently for sale on a dark web marketplace for $20,000 in bitcoin. The affected websites listed by the hacker are Dubsmash, MyFitnessPal, MyHeritage, ShareThis, HauteLook, Animoto, EyeEm, 8fit, Whitepages, Fotolog, 500px, Armor Games, BookMate, CoffeeMeetsBagel, Artsy, and DataCamp.
The data, depending on the website it was acquired from, includes everything from names, email addresses, and passwords, as well as location information and social media authentication tokens. The Register notes, however, that the passwords appear to be hashed, meaning they must be decrypted before being used, and that no financial information was among the data.
The second data set, reported on by TechCrunch Thursday, includes 127 million records from an additional eight websites. Those services are Ixigo, YouNow, Houzz, Ge.tt, Coinmama, Roll20, Stronghold Kingdoms, and PetFlow. Some of the websites, including Ixigo and PetFlow, used outdated algorithms to scramble and store passwords, meaning hackers will have little difficulty in cracking them open.
Although information from each website is being sold separately, the total asking price for the second data set is roughly $14,500 in bitcoin.
Several of the companies listed among the 744 million records have confirmed breaches, leading experts to conclude that the data is genuine. Anyone who has ever had an account with any of the aforementioned services is advised to change their passwords. Given that many individuals reuse passwords, hackers will undoubtedly test the hacked login credentials on other services such as Gmail and Facebook as well.
Users should also enable two-factor authentication on all services where it’s available, which will protect them even if their password is stolen. Using a password manager, which allows you to create and store unique and strong passwords, can also protect users against issues related to password reuse. For added protection, sign up for the free service from HaveIBeenPwned, a website which will alert you when your email shows up in a data breach.
Mikael Thalen is a tech and security reporter based in Seattle, covering social media, data breaches, hackers, and more.