Skip to main content

After fourth attack, hacker puts personal records of 26M people up for sale

russian hackers
Image used with permission by copyright holder

A hacker going by the name of “Gnosticplayers” is selling the personal data of 26 million people who have been using the services of six different companies from across the world. The information is up for sale on the dark web for a value of up to 1.4231 bitcoin, or around $4,940. This marks the fourth time the hacker is selling people’s personal information.

According to ZDNet, the companies impacted by this hack include GameSalad, Estante Virtual, Coubic, LifeBear, Bukalapak, and Youthmanual. While most of these companies are not based in the United States. a noteworthy name on the list is GameSalad, a game-development platform that powers 75 games that reached the top 100 in Apple’s App Store.

For the majority of these companies or services, the hacker has published batch files containing emails, passwords, user names, IP addresses, and app settings. However, not all the data is up for sale, as several of these companies have paid the hacker to keep some of the information from being exposed. The passwords in the hack are also hashed as a string of characters but can still be uncovered.

The hacker is apparently selling this data because he believes these companies are not properly protecting the information of its users with the adequate encryption. “I got upset because I feel no one is learning, I just felt upset at this particular moment, because seeing this lack of security in 2019 is making me angry,” the hacker told ZDNet.

In his first round of attacks in February 2019, hacker Gnosticplayers put up for sale the information of 617 million online accounts from 16 hacked websites. That was then followed up a secondary hack which impacted eight additional websites, including travel-booking site Ixigo and live-video streaming site YouNow. The third hack affected up to 93 million users and websites including the popular Gif-sharing platform Gfycat and the online photo editor Pizap.

These types of hacks and data breaches are an increasingly common aspect of digital and online life. The best practices when using online services include avoiding using the same passwords. Instead, it is best to use alphanumeric characters in passwords, and leverage two-factor authentication to protect your accounts. We have a guide on how to create a safe password.

Editors' Recommendations

Arif Bacchus
Arif Bacchus is a native New Yorker and a fan of all things technology. Arif works as a freelance writer at Digital Trends…
Travelex reportedly paid millions to hackers after ransomware attack
worlds largest retail currency dealer hit by ransomware attack travelex

Travelex reportedly paid hackers $2.3 million to regain access to its own computer systems after they were compromised in a ransomware attack that was discovered on New Year’s Eve.

Ransomware is malicious software that locks a computer system by encrypting files. Once locked, hackers demand payment from the owner of the system in return for a decryption key to regain access to the data.

Read more
Hackers expose personal details of 10 million MGM hotel guests
russia hotel wi fi hack hacking hacker lifestyle pc keyboard

A major security breach has hit MGM Resorts hotels after the personal details of 10.6 million guests were posted on a hacking forum this week.

The stolen data belongs not only to regular tourists but also to celebrities, tech CEOs, and government officials -- among them Twitter CEO Jack Dorsey and Canadian singer Justin Bieber.

Read more
Hackers demand $6M from largest retail currency dealer in ransomware attack
worlds largest retail currency dealer hit by ransomware attack travelex

Travelex is currently dealing with a ransomware attack that’s forced the company to suspend its online services.

Ransomware locks computer systems by encrypting files, with hackers then demanding payment in exchange for a decryption key. In the case of Travelex, hackers are ordering the London-based firm to cough up cash not only for the decryption key, but also to prevent the publication of various customer data that includes payment card information, the Financial Times reported on Tuesday, January 7.

Read more