comscore
News

620 million accounts from Dubsmash, MyFitnessPal and 14 other websites hacked

Some of the popular websites are now acknowledging the leak and forcing password reset.

  • Published: February 13, 2019 8:42 AM IST
Phone-hacking-Pixabay

Another instance of online accounts being stolen and sold on the Dark Web has now come to light. As many as 617 million accounts from 16 popular websites have been detected for sale on the Dream Market website available on the Tor network. Hackers get hold of this information for an equivalent of $20,000 in Bitcoin. The information available includes account names, email addresses and passwords and the only good news being that the passwords are in hashed state and those who buy these information will need to crack them before it being useful.

This haul of user information was first highlighted to The Register by the apparent seller, who then provided the website with sample records to prove the authenticity of this leak. The report notes that nearly 162 million Dubsmash accounts have been compromised while 151 million MyFitnessPal user accounts have also been affected. Other services hit by this data leak include 92 million users of MyHeritage, 41 million from ShareThis, 28 million from HauteLook, 25 million from Animoto, 22 million from EyeEm, 20 million from 8fit, 18 million from Whitepages, 16 million from Fotolog, 15 million from 500px, 11 million from Armor Games, 8 million from BookMate, 6 million from CoffeeMeetsBagel, 1 million users of Artsy and 7,00,000 accounts linked to DataCamp.

The victims of this data bump include dating sites, e-commerce stores, and gaming studios. The database was apparently put up for sale by a single hacker, says The Register, and the information is said to have been stolen in 2018. The hacker reportedly cracked security vulnerabilities within web apps in order to deploy remote-code execution, which allowed them to extract user account information from these sites.

WatchL JioPhone Kumbh App

The Register contacted MyHeritage to see if the sample information provided to it was real. The site had suffered a data breach last year, and it confirmed that the data from the genealogy site were legitimate. The hacker claims to have secured one buyer, and more are likely to bid for the digital user information. 500px and EyeEm have also confirmed that account data was stolen from their servers. Both the platforms are now informing their customers that accounts were hacked and has forced a reset of their passwords.

  • Published Date: February 13, 2019 8:42 AM IST