Massive Data Sale in History

It’s exclusive and huge! Cyber Press researchers uncovered one of the most massive data sales in history, totaling 122 GB. It contains 2 billion rows of data and 361 million unique emails, usernames, and passwords across 1.7k files.

The dataset is being sold for just $500 through an exclusive Telegram channel, which cybercriminals frequently use for anonymous communication and illicit transactions. Telegram’s end-to-end encryption and perceived security have made it an increasingly popular platform for cybercriminal activities.

In May 2024, all the listed files were collated from various malicious Telegram channels, where hackers were selling large quantities of stolen files from multiple data breaches. The dataset seemingly originates from a blend of previously compiled combolists and information harvested by infostealer malware.

Infostealer malware is known for using various sophisticated techniques to harvest email addresses, passwords, and other credentials from infected systems. These methods include extracting data from web browsers, keylogging to capture typed information, scraping system memory, intercepting form submissions, taking screenshots, monitoring clipboards, and targeting specific applications.

Some advanced infostealers can even hijack browser sessions to bypass multi-factor authentication. The malware typically gathers system information to contextualize the stolen data before transmitting it to a remote server controlled by the attacker. This stolen information is often sold on dark web marketplaces or used for further cyberattacks.

We have accessed the sample data from the leaked files and confirmed that most files, emails, and plaintext credentials are legitimate. We have verified the data with the seller, and credentials can still be used to log in to the accounts associated with Facebook, Instagram, Twitter, Freelancer.com, and more.

Cybercriminals posted data for sale in data leak forums (Source: cyberpress.org)

This is one of the largest data sets put on sale in the history of data leaks, and the leaked data includes credentials for some of the largest tech company platforms, including:

  • Gmail
  • Amazon
  • Facebook
  • Spotify
  • Netflix
  • PayPal
  • Minecraft
  • Instagram
  • Stripe
  • Roblox
  • LastPass
  • Adobe
  • Live
  • Twitch
  • Booking
  • Pinterest
  • Coinbase
  • Twitter
  • Lenovo
  • Flipkart
  • Zoom

We have listed only a small number of the companies affected by this leak. Still, the cybercriminals are selling data from 10 of 100 companies through an exclusive Telegram channel, which can be reached from a data leak forum where hackers advertise the data.

Data obtained from samples (Source: cyberpress.org)

We have tested several accounts among the billions of records, including some accounts from Freelancer.com, and found that certain accounts have funds available in their dashboard that are ready for withdrawal. Such accounts give cybercriminals an opportunity to illegally obtain funds, personal data, client information, work details, and other sensitive details.

The Cyber Press team randomly tested hundreds of leaked accounts from various platforms, most protected with 2-factor authentication.

This data might have been collected from different attacks and breaches over different time frames. Recently, malicious Telegram group members merged it, making it one of the largest amounts of data ever collected and sold for just $500.

Cyber Press communicated anonymously with the Telegram group operator by showing interest in purchasing the 122 GB database.

Saul-notbadman, a group member who communicated with us over Telegram, shared sample files with the counts for each platform list, which are as follows:

The database on sale contains 1.4 Million Facebook user account credentials, including Username and password (plaintext).

We have learned that the leaked database contains more than 300k Instagram user credentials, most of which are accessible directly.

We obtained some of the most sensitive data from sellers via Telegram, particularly Stripe and PayPal credentials. Most of these credentials are presently active, and the accounts can be accessed by anyone who possesses this dataset where the credentials match.

With around 9 million compromised login credentials, Gmail ranks first.

“Cyber Press researchers learned from the seller that this is the largest database ever sold online, particularly via a Telegram channel. The seller insists on a $500 price, claiming the same data is sold on other underground forums for much higher prices.”

Disclaimer: The Cyber Press Team has not gained unauthorized access to any accounts. The data was validated solely for testing purposes.

Potential Risks

The breach presents several significant risks:

  1. Financial Theft: Researchers found that some compromised Freelancer.com accounts had funds available for withdrawal, presenting an immediate risk of financial loss.
  2. Identity Theft: With access to email accounts and personal information, criminals could potentially steal identities or create fake accounts.
  3. Account Takeovers: Many of the leaked credentials can be used to access multiple platforms, potentially leading to widespread account compromises.
  4. Phishing and Social Engineering: Detailed personal information could be used to craft highly convincing phishing attacks or social engineering schemes.

This unprecedented data breach highlights the ongoing challenges in cybersecurity and the need for stronger protection measures. Users are advised to change their passwords, enable two-factor authentication where possible, and remain vigilant for any signs of unauthorized access to their accounts.

Response and Recommendations

In light of this massive breach, cybersecurity experts recommend the following actions:

  1. Change passwords immediately, especially for accounts mentioned in the breach.
  2. Enable two-factor authentication on all accounts where possible.
  3. Use unique passwords for each online account.
  4. Monitor accounts for any signs of unauthorized access or suspicious activity.
  5. Be cautious of phishing attempts that may use personal information obtained from this breach.

As investigations continue, the full impact of this massive data leak remains to be seen. However, it serves as a stark reminder of the vulnerabilities in our increasingly digital world and the constant need for vigilance in protecting personal information online.
