Roughly 12 million accounts pilfered from at least 11 separate cryptocurrency forums over the past six years are being sold on the Dark Web, with a vendor under the pseudonym 'doubleflag' marketing the trove of stolen credentials as a "package" deal.
There is a thriving underground community on the Dark Web that revolves around trading in stolen databases, each typically containing tens of thousands of hacked accounts. Over the past 12 months, massive leaks have ended up there – from Dropbox to MySpace.
Now, according to HackRead, content from compromised forums including BitCoinTalk, MtGox, Bitcoinsec and BTC-E is being sold, including usernames, email addresses, phone numbers, and dates of birth, locations and passwords.
The price of the full dataset, which 'doubleflag' claims is roughly 12 million-strong, is 0.3817 Bitcoin, the equivalent of £330 ($415).
In a description on the Dark Web marketplace, which is not being named, the vendor claims, without evidence, that some of the passwords are in plain-text.
When checked further, IBTimes UK found a slew of the impacted forums are no longer in operation. Nevertheless, cybercriminals have been known to trade in old information as many internet users continue to recycle weak credentials across multiple online accounts.
One service named in the batch, BitcoinTalk.org, was hacked back in May 2015. When the batch emerged a year later it was selling for one Bitcoin, or £480 ($600). It contained over 500,000 accounts consisting of names, emails, passwords and more.
Another website, BTC-E.com, was hit in 2014 with 560,000 user accounts targeted. Slightly more severe, the leak featured user IDs, Bitcoin wallet balances and IP addresses. News of this hack broke in 2016 by a now-defunct breach notification website called LeakedSource.
According to the Dark Web website, doubleflag has sold over 100 orders and has a 98% positive feedback rating. They previously gained attention after trading in a number of the so-called "mega-breaches" from 2013, which impacted platforms including Yahoo and LinkedIn.
His store currently includes a slew of leaked databases. Victims are online websites and forums including Whois, Paddy Power, Experian, Brazzers, GTAGaming, Dota2, CDProjektRed, XHamster and Lastfm. In one significant listing, the vendor has a selection of US voter records.
Most recently, a separate hacker – using the title SunTzu583 – listed over 25 million alleged accounts from Gmail and Yahoo as up for sale. Based on his store front, the hacker was trying to offload 21,800,969 Google accounts and 5,737,977 from Yahoo in exchange for Bitcoin.