Sign In  |  Register  |  About Burlingame  |  Contact Us

Burlingame, CA
September 01, 2020 10:18am
7-Day Forecast | Traffic

  • Search Hotels in Burlingame

  • CHECK-IN:
  • CHECK-OUT:
  • ROOMS:
Recent Quotes
My Watchlist
Indicators
Markets
Stocks
ETFs
Tools
Overview
News
Currencies
International
Treasuries

ClassPass, Gfycat, StreetEasy hit in latest round of mass site hacks

By: TechCrunch
In just a week, a single seller put close to 750 million records from 24 hacked sites up for sale. Now, the hacker has struck again. The hacker, whose identity isn’t known, began listing user data from several major websites — including MyFitnessPal, 500px and Coffee Meets Bagel, and more recently Houzz and Roll20 — earlier this week. […]

In just a week, a single seller put close to 750 million records from 24 hacked sites up for sale. Now, the hacker has struck again.

The hacker, whose identity isn’t known, began listing user data from several major websites — including MyFitnessPal, 500px and Coffee Meets Bagel, and more recently Houzz and Roll20 — earlier this week. This weekend, the hacker added their third round of data breaches — another eight sites, amounting to another 91 million user records — on their dark web marketplace.

To date, the hacker has revealed breaches at 30 companies, totaling some 841 million records.

According to the latest listing, the sites include 20 million accounts from Legendas.tv, OneBip, Storybird, and Jobandtalent, as well as eight million accounts at Gfycat, 1.5 million ClassPass accounts, 60 million Pizap accounts, and another one million StreetEasy property searching accounts.

In all, the hacker is selling the eight additional hacked sites for 2.6 bitcoin, or about $9,350.

From the samples that TechCrunch has seen, the accounts include some variations of usernames and email addresses, names, locations by country and region, account creation dates, passwords hashed in various formats, and other account information.

We haven’t found any financial data in the samples.

Little is known about the hacker, and it remains unclear exactly how these sites were hacked.

Ariel Ainhoren, research team leader at Israeli security firm IntSights, told TechCrunch this week that the hacker was likely using the same exploit to target each of the sites and dump the backend databases.

“As most of these sites were not known breaches, it seems we’re dealing here with a hacker that did the hacks by himself, and not just someone who obtained it from somewhere else and now just resold it,” said Ainhoren in an email to TechCrunch earlier this week. The software in question, PostgreSQL, an open-source database project, said it was “currently unaware of any patched or unpatched vulnerabilities” that could have caused the breaches.

TechCrunch contacted several of the companies but didn’t hear back at the time of writing. If we hear back, we’ll update.

Hacker who stole 620 million records strikes again, stealing 127 million more
Related Stocks:
ETFMG Prime Cyber Security ETF
Data & News supplied by www.cloudquote.io
Stock quotes supplied by Barchart
Quotes delayed at least 20 minutes.
By accessing this page, you agree to the following
Privacy Policy and Terms and Conditions.
 
 
About Us | Contact Us | Privacy Policy | User Agreement | Advertise With Us | Site Map
Copyright © 2010-2020 Burlingame.com & California Media Partners, LLC. All rights reserved.