New Threat Research: The Client/Server Relationship — A Match Made In Heaven 

Read Threat Research


620 Million Accounts Accessed From 16 Different Sites for Sale on the Dark Web

The information is located on the Darknet forum, Dream Market with a price tag of $20,000 Bitcoin. The information comes from 16 different sites which include Dubsmash, MyFitnessPal, MyHeritage, Animoto, 8fit, 500px, Armor Games, CoffeeMeetsBagel and Artsy. Data such as names of account holders, email addresses with hashed passwords, social media authentication tokens, and other personal details, but no financial information was included. Some of the sites have verified the authenticity of the data accessed. There is one attacker believed to be behind the unauthorized access of the information and the unknown person accomplished it through exploitation of security vulnerabilities in web apps. One of the sites, 500px, released a statement regarding the matter which said, “We are currently working on notifying our entire user base, however, given the number of users affected, this task will span one day at minimum. We’ve taken every precaution to ensure our users’ data is safe. A system-wide password reset is currently underway for all users, prioritized in order of accounts with the highest potential risk, and we have already forced a reset of all MD5-encrypted passwords.”

Analyst Notes

Users who may regularly access these websites should change their passwords immediately. If user accounts were believed to be accessed, they should contact the sites and ask how they should handle the breach.