A hacker known by the handle “Gnosticplayers” has listed a set of hacked databases for sale on Dream Market.
This batch of databases is the third the hacker has posted on the dark web marketplace. Previously, he had published a set of batches, the first with 16 databases that contained data from 620 million users while the second featured eight databases containing data from 127 million users.
In his latest post, Gnosticplayers published eight hacked databases that contain data from 92.76 million users. In this batch, the biggest name is GfyCat, a renowned GIF hosting and sharing platform.
Combined, all eight databases are valued at 2.6249 Bitcoin (BTC), which is equivalent to about $9,400, and each of these databases is being sold individually on Dream Market.
Gnosticplayers took credit for all the hacks and stated that he is not a typical intermediary. What’s more, the hacker outlined that he intends to sell more than a billion user records and subsequently escape with the money. Currently, his database collection amounts to about 840 million records.
In his statement to media outlet ZDNet, he outlined that his two primary objectives are to get money as well as see the downfall of a select group of Americans he referred to as “American Pigs.” He concluded the interview by stating that more is to come and in particular, a hack on a cryptocurrency exchange.
The List of Hacked Websites
Gnosticplayers outlined that the third round of stolen databases for sale on Dream Market belongs to the following eight websites:
- GIF hosting and sharing service GfyCat: 8 million records (.35 BTC)
- Real estate site StreetEasy: 1 million records (.175 BTC)
- Fitness and yoga service ClassPass: 1.5 million records (.204 BTC)
- Mobile payment service Onebip: 2.6 million records (.2626 BTC)
- Movie streaming platform Legendas.tv: 3.9 million records (.35 BTC)
- Online publishing service Storybird: 4 million records (.2334 BTC)
- Online job portal website Jobandtalent: 11 million records (.4669 BTC)
- Photo editor website Pizap: 60 million (.583 BTC)
None of these eight companies listed by the hacker had reported a data breach before his post. Even so, some of the listed firms have since admitted to being victims of security breaches, something which validates the hacker’s claims as well as the legitimacy of the data that is on sale on
Bringing Attention to the Case of Imprisoned Hacker
The listings were also accompanied by a distinct message. The message is a brief outline of the treatment of U.K. national George Duke-Cohan, a member of the infamous Apophis Squad hacking group, which is notorious for DDoS attacks.
Last summer, he was arrested, convicted, and then handed a three-year sentence in December 2018. Per the terms of his sentence, he’s serving one year for the offense of emailing bomb threats to several schools and two years for a threat to a United Airlines flight while on bail.
The message from Gnosticplayers starts by recognizing Duke-Cohan’s talents, then going on to say that rather than the U.K. government allowing him to develop his skills, it decides to put him behind bars for three years.
Similarly, now the U.S. government is also looking to sentence the hacker to a 65-year jail term for the same offenses that led the U.K. government to sentence him for three years. An indictment naming Duke-Cohan’s charges was filed February 8 by the Central District of California.
This, Gnosticplayers argues, is judging the innocent man twice, and as such, the release of these databases is to serve as a reminder to the governments.
What’s more, the message also pinpoints that when nations pledge to respect its citizens, they have a moral responsibility to fulfill this promise—something that the U.K. government did not do, Gnosticplayers argues.
In extension, Gnosticplayers states that it would not surprise him if Duke-Cohan commits suicide. This is particularly since the U.K. government already played their part in his demise, which to him feels like a death sentence. Finally, the message concludes by outlining that if justice is not served on his case, more data leaks are to be expected.
Data Breaches Call for Strict Security Measures
Over the last few years, website breaches and the subsequent sale of user data on the dark web has shed light into how severe cybercrime can be. Cybersecurity experts and website operators alike are now encouraging all users to be more vigilant and work hard to ensure that their accounts remain secure by following strict security measures.
According to the experts, these measures include regularly changing passwords and using different, strong passwords for different accounts.
Users concerned about their data being exposed can confirm whether their details are secure using the data breach-checking website HaveIBeenSpwned.com.