A hacker who made headlines this week for selling the details of more than 617 million accounts on the dark web has obtained 127 million more, bringing the total number of hacked accounts to 744 million.
As first reported by the Register Monday, the initial 617 million records, obtained from 16 hacked websites, are currently for sale on a dark web marketplace for $20,000 in bitcoin. The affected websites listed by the hacker are Dubsmash, MyFitnessPal, MyHeritage, ShareThis, HauteLook, Animoto, EyeEm, 8fit, Whitepages, Fotolog, 500px, Armor Games, BookMate, CoffeeMeetsBagel, Artsy, and DataCamp.
The data, depending on the website it was acquired from, includes everything from names, email addresses, and passwords, as well as location information and social media authentication tokens. The Register notes, however, that the passwords appear to be hashed, meaning they must be decrypted before being used, and that no financial information was among the data.
The second data set, reported on by TechCrunch Thursday, includes 127 million records from an additional eight websites. Those services are Ixigo, YouNow, Houzz, Ge.tt, Coinmama, Roll20, Stronghold Kingdoms, and PetFlow. Some of the websites, including Ixigo and PetFlow, used outdated algorithms to scramble and store passwords, meaning hackers will have little difficulty in cracking them open.
Although information from each website is being sold separately, the total asking price for the second data set is roughly $14,500 in bitcoin.
Several of the companies listed among the 744 million records have confirmed breaches, leading experts to conclude that the data is genuine. Anyone who has ever had an account with any of the aforementioned services is advised to change their passwords. Given that many individuals reuse passwords, hackers will undoubtedly test the hacked login credentials on other services such as Gmail and Facebook as well.
Users should also enable two-factor authentication on all services where it’s available, which will protect them even if their password is stolen. Using a password manager, which allows you to create and store unique and strong passwords, can also protect users against issues related to password reuse. For added protection, sign up for the free service from HaveIBeenPwned, a website which will alert you when your email shows up in a data breach.