Roughly four million accounts for the online marketplace Quidd have been posted for free on multiple hacking forums. According to ZDNet sources, the original breach is credited to someone going by the alias “ProTag” and has been privately advertised for sale since at least October 2019. Although passwords were hashed using bcrypt, another user on the same forum as the original post is selling what they claim to be plain-text passwords for 137,518 Quidd accounts. A reply to the original post also claimed to have recovered nearly one million passwords. Cracking bcrypt hashes takes considerable effort and computing power, so it is entirely possible that the recovered passwords came from other sources and were matched to the accounts.