An opportunist using the name “DoubleFlag” has put the recently hacked BitcoinTalk.org’s database up for sale on the dark web, according to Hackread. The same seller has also offered 68 million hacked hashed passwords of Dropbox users.
In May 2015, BitcoinTalk was the victim of a social engineering attack after an unknown hacker targeted an employee of NFOrce, BitcoinTalk’s ISP. In a revelation on Reddit at the time, forum operator and administrator Theymos hinted that password hashes, private messages, emails and other user details could be compromised.
User Data Exposed
As it turns out, the data dump containing stolen BitcoinTalk users’ information includes usernames, email addresses, passwords, users’ birthdays, secret questions and their corresponding hashed secret answers and other internal data.
While the hack occurred in May 2015, the stolen data was leaked only a couple of days ago by unknown sources.
“DoubleFlag” grabbed the data before anyone else could. The leaked data was only accessible to data breach notification sites like Hacked-DB and LeakedSource.
BitcoinTalk Database For 1 BTC
BitcoinTalk’s database is going for 1 BTC ($614.67 USD). The file contains 514,408 accounts, including email address, individual text number, date of birth, username, gender, website title, password and location. The passwords are encrypted. There are 469,540 passwords encrypted with the SHA-256 algorithm, plus 44,868 passwords encrypted with the SMF password encryption.
Notably, the remaining 91% of user passwords were hashed with “sha256crypt,” a method of password storage that LeakedSource deemed “far superior to almost every website we’ve seen thus far.” That’s high praise, coming from a resource that frequently exposes details of data breaches, at a time when mega-breaches of hundreds of millions of users are commonplace.
LeakedSource was able to crack 30,389 passwords in total.
Seller Shares Sample Data
The dark web seller also shared sample data of more than 600 accounts from the database with Hackread.
While the leaked passwords are encrypted, decrypting them is not expected to be difficult.
Hackers stole and sold 427 million MySpace passwords earlier this year on the same dark web marketplace. In May 2016, 33 million Twitter and 117 million LinkedIn login credentials were listed for sale on a dark web marketplace.
Posted by Lester Coleman