It has been revealed that around 617 million private accounts belonging to everyday members of the public have been put up for sale on the dark web. This is a tactic commonly used by hackers, who collate large data dumps of private and financial information before flogging them to the highest bidder(s). And true to fashion, the source of this hacked data is charging around $20,000 in Bitcoin (a cryptocurrency) for the full collection of user data.

It transpires that the massive collection of user accounts was stolen from 16 different websites, including some of the most popular sites like MyFitnessPal, a calorie and fitness tracker. This is perhaps the most well-known of the websites targeted in the attack, with around 151 million MyFitnessPal accounts exposed. The data that was compromised ranges from simple email addresses to passwords and even user location.

Here’s a complete list of the websites from which data was stolen as part of this security breach:

  • 8fit
  • 500px
  • Animoto
  • Armor Games
  • Artsy
  • BookMate
  • CoffeeMeetsBagel
  • DataCamp
  • Dubsmash
  • EyeEm
  • Fotolog
  • HauteLook
  • MyFitnessPal
  • MyHeritage
  • ShareThis
  • Whitepages

The hacked data is currently hosted on a website called Dream Market, which is the biggest market currently operating on the dark web, a section of the internet known for anything from drugs and arms trafficking to illegal pornography. But this isn’t an area of the web that you can simply stumble across accidentally when browsing through Google. Rather, to access the dark web, you need something called a ‘Tor client’, software that connects you to a special type of network that obscures your computer’s IP address and hides what you’re doing online. It goes without saying that any legitimate user of the internet doesn’t need to go looking for this dark corner.

The good news is that the data dump doesn’t appear to contain any financial information, such as credit or debit card details. Though first and last names and location data are included, there shouldn’t be enough to clone somebody’s identity. However, the leaked email addresses and passwords could be sufficient for hackers to gain access to some private accounts, where financial information could be stored.

You would be most at risk if your data was included in this breach and you use the same password and email address for multiple accounts online. The most likely reason for a hacker to purchase a large collection of user data such as this is to try and reuse the same passwords to access more lucrative accounts. Given the high cost associated with the data collection, it’s a practice that clearly returns some results from time to time, so it’s important to safeguard your accounts.

So if you’re a user of any of these websites, we suggest changing your password. Fortunately, we recently published some best-practice information on creating new passwords.

If you need any more help with your online security, such as setting up multi-factor authentication, then get in touch with WiseGuys on 0808 123 2820 and we can provide you with advice.