Latest Threat Research: LetMeowIn – Analysis of a Credential Dumper

Get Informed

Search

Gnosticplayers Returns With Round 4 of Compromised User Accounts

Gnosticplayers: The cyber-criminal who goes by the name Gnosticplayers on the Dream Marketplace has returned with “round 4” of their massive trove of stolen credentials.  This round of credentials comes from six different companies which includes: GameSalad, Estante Virtual, Coubic, LifeBear, Bukalapak, and YouthManual.com.  The stolen credentials from these six companies total over 26.4 million user accounts.  This brings the total number of compromised organizations from Gnosticplayers to 38, and over 863 million user details since February 11th.  While many of the accounts being sold by Gnosticplayers have come from breaches which took place prior to the beginning of their sales on Dream, it appears that at least five of the current databases being sold in round 4 were stolen since February.  According to statements made by Gnosticplayers, they have been releasing all of this information as punishment to the companies in question for not using strong enough security measures to protect their customers’ credentials.

Analyst Notes

Gnosticplayers have been pushing hard with these large sales and with how recent this latest set is, it seems unlikely that Gnosticplayers will be going anywhere anytime too soon. The erratic nature of the organizations that they choose to target makes it difficult to discern any pattern as to who they choose, other than organizations which they do not feel have acceptable security.