The Dream Market hacker who is already known for his sale of hacked databases struck again on the dark web.
Earlier this month, the hacker published eight collections including 92.76 million-user records, among which are big-name companies such as GfyCat.
All of the eight companies were asked to comment, and none of them had previously revealed any data breaches in their systems.
The hacker’s claims and the nature of them are currently being investigated.
Data of 8 Companies Put up for Sale
Gnosticplayers, a dark web vendor who is already known for his sales of hacked data, has a history of such deals.
Previously, he has put up for a sale 16 collections of data on Dream Market, a popular dark web marketplace.
These collections contained data of approximately 620 million users. His second batch contained a total data of 127 million users divided into eight collections. The hacker has revealed that his only intent behind these revelations is to take down the “American pigs.” His goal, as he disclosed, is to sell over a billion hacked records, and his current amount of broadcasted data is about 840 million reports.
Due to this reason, Gnosticplayers went a step further and published an additional set of databases he hacked from eight different companies.
This batch again contained eight databases with data of approximately 93 million users. The collections are worth 2.6249 Bitcoins total—the equivalent of over $9,900 USD.
The newest leaks of the eight companies include different databases, sizes and content, and are all sold under a different price.
Legendas.tv is the first company name on the list. From this movie sharing service, the hacker managed to pull out 3.9 million records of user data including usernames, passwords, IP addresses and emails. The collection’s price is .35 Bitcoin (BTC).
Jobandtalent‘s collection is quite bigger, containing 11 million records and sold for .4669 BTC.
Onebip is a mobile payment platform and yet another victim of the hacker. Among the hacked 2.6 million-user reports the hacker included usernames, emails, passwords, names, addresses, phone numbers, PayPal information, API keys, company information and more. The collection has a price of .2626 BTC.
StoryBird‘s hacked records are sold for .2334 BTC on the dark web. The storytelling service’s data enclose reports from 4 million users.
StreetEasy‘s 1 million records of data is worth .175 BTC and consists of usernames, passwords, emails and others.
GfyCat, the biggest name in the list, is a GIF image hosting website whose data is being sold for .35 BTC on Dream Market. The collection has information about 8 million users among which their usernames, emails and passwords can be found.
Fitness service ClassPass also makes the list. The 1.5 million user records are marketed for .204 BTC. The data combines usernames, emails, passwords, full names and sexes.
Pizar, an online photo editor, is the last company name on the list. Their hacked data is foremost the biggest in the list with approximately 61 million records of user data, sold for .583 BTC.
The Alleged Motive
After discovering the lists are accompanied with one same message from the vendor, it was concluded the hacker’s purpose behind these leaks is far more than just enriching himself financially.
In the message that each list included, the hacker talked about George Duke-Cohan, a U.K. national who was a member of the Apophis Squad, a hacking team.
Duke-Cohan was sentenced to three years of imprisonment last December, after being apprehended last summer.
Gnosticplayers’ message mentioned the young hacker was, according to him, very talented and did not deserve the judgement he received.
He also writes about the defendant’s initial sentence of three years in the U.K. and potential to face 65 more years in prison in the U.S. Duke-Cohan was indicted earlier this month by a California court.
The hacker stated his contempt for the current situation and added that it would not be a surprise if Duke-Cohan ends his own life in jail.
Gnosticplayers also expressed opposition to the U.K. government’s mishandling of this case and their inability to protect their citizens.
Gnosticplayers says he is planning to release even more data if Duke-Cohan is not given fair justice.
It is still unknown whether the government is going to meet the hacker’s requests. Only some of the eight companies whose data was leaked on the dark web have admitted to breaches in their security systems.