Popular apps like Dubsmash and MyFitnessPal were among 16 businesses hit by a hacker – leading to the theft of 617 million account details.
The hacker has since put the data up for sale for $20,000 in Bitcoin, according to The Register.
The stolen data can be bought at the Dream Market, a dark web marketplace located in the Tor network.
The account details were stolen from Dubsmash (162 million), MyFitnessPal (151 million), MyHeritage (92 million), ShareThis (41 million), HauteLook (28 million), and Animoto (25 million).
Also hit were EyeEm, 8fit, Whitepages, Fotolog, 500px , Armor Games, BookMate, CoffeeMeetsBagel, Artsy, and DataCamp.
The data would be valuable to other hackers, spammers, and blackmailers.
Although the passwords in the data are encrypted, the buyer could decode the weaker passwords and then try to use the email address to log into email and social media accounts.
There is no financial data in the stolen profiles.
The seller told The Register the Dubsmash user details were bought by at least one customer.
Online theft
Cybercriminals are trawling social media for victims to blackmail for Bitcoin – including threatening to expose them watching porn.
They claim to have evidence and use previously exposed passwords as “proof” of compromise.
A gang of ‘sextortionists’ targeted 89,000 people on sites including LinkedIn, according to UK cybersecurity firm Digital Shadows.
They are believed to have raised nearly £255,000 across 92 Bitcoin addresses, reports the Express.
Sextortion-based email campaigns seek to extort victims by threatening to publicly embarrass them for engaging in a sexually explicit act.
Disclaimer: The views and opinions expressed by the author should not be considered as financial advice. We do not give advice on financial products.