So in just a single week, a seller put almost 750 million records from 24 hacked sites up for sale, and now the hacker has struck again. The hacker, whose identity isn’t known, began listing user data from several major websites including MyFitnessPal, 500px and Coffee Meets Bagel, and more recently Houzz and Roll20 — earlier this week.
This weekend, the hacker added a third round of data breaches — another eight sites, amounting to another 91 million user records to their dark web marketplace( i guess i might be going data shopping on the darkweb really soon😁). To date, the hacker has revealed breaches at 30 companies, totaling about 841 million records( wow he must be really good at this), According to the latest listings, the sites include 20 million accounts from Legendas.tv, OneBip, Storybird, and Jobandtalent, as well as eight million accounts at Gfycat, 1.5 million ClassPass accounts, 60 million Pizap accounts, and another one million StreetEasy property searching accounts
“As most of these sites were not known breaches, it seems we’re dealing here with a hacker that did the hacks by himself, and not just someone who obtained it from somewhere else and now just resold it,” said Ainhoren.
The software in question, PostgreSQL, an open-source database project, said it was “currently unaware of any patched or unpatched vulnerabilities” that could have caused the breaches.We contacted several of the companies prior to publication. Gfycat responded, saying it was looking into the breach, and Pizap said it was “not aware of any hack and will investigate immediately.” We’ll update once it comes in.