• Following the first collection of 620 million account credentials stolen from 16 companies, the second collection containing 127 million stolen credentials, was made available for sale on a Dark Web marketplace.
  • However, the seller soon removed all the listings from the marketplace, while hinting at more collections to come.

Earlier this week, almost 620 million account credentials stolen from 16 companies were put for sale on the Dream Market site by a seller named ‘gnosticplayers’ who quoted roughly $20,000 in bitcoin.

Dream Market is a Dark Web marketplace where criminals sell an assortment of illegal products, such as user data, drugs, weapons, malware, and more.

Second large collection of account credentials

The seller ‘gnosticplayers’ is back with the second collection of breached account credentials stolen from eight companies, quoting $14,500 in bitcoin for the collection.

The data involved in the breach included full names, birthdays, registration dates, usernames, email addresses, passwords, password hash, crypted passwords, IP addresses, passport numbers, Facebook IDs, other social profiles and more.

Eight companies affected

The stolen accounts belonged to the following eight companies:

  1. Ge.tt - 1.83 million accounts - 0.16 bitcoin
  2. Ixigo - 18 million accounts - 0.262 bitcoin
  3. Roll20.net - 4 million accounts - 0.0582 bitcoin
  4. Houzz - 57 million accounts - 2.91 bitcoin
  5. Coinmama - 420,000 accounts - 0.3497 bitcoin
  6. YouNow - 40 million accounts - 0.131 bitcoin
  7. StrongHoldKingdoms - 5 million accounts - 0.291 bitcoin
  8. Petflow - 1 million - 0.1777 bitcoin

The breached companies are from different sectors such as gaming, travel, interior design, cryptocurrency, live streaming, and pet food.

Listings removed

Soon after the news broke, the seller removed all the listings from Dream Market, stating, "All my listings have been removed, to avoid them being bought so many times and being leaked, as a respect for my buyers. But don't worry, next round of breaches coming soon.”

YouNow confirmed the authenticity of the data

Among the breached companies, YouNow, a live streaming company, stated that its security experts investigated the incident and confirmed that the data breach did not compromise users' passwords or credit card information.

“Our security experts have investigated the claim that YouNow was hacked, and can definitively confirm that information on YouNow users’ passwords and credit cards was not compromised in any sort of data breach. YouNow relies on 3rd parties (such as Facebook, Apple, and Google) for its login and payment methods, and has never stored any passwords or credit card information. Therefore, it is not possible that any hacker breached YouNow for this data,” YouNow told BleepingComputer.

Cyware Publisher