Times when ‘Gnosticplayers’ hacker made headlines for selling troves of stolen data on dark web

• The hacker’s notoriety came to light when databases containing roughly 617 million hacked accounts were put up for sale on Dream Market.
• Zynga Inc, an American social game developer is the latest victim of ‘Gnosticplayers’ hacker.

The year 2019 has seen a lot of massive data breaches, with some of them turning disastrous for various organizations across the world. These firms have had the personal data of their customers being stolen or sold on different dark market places without their knowledge.

In most of these cases, the infamous ‘Gnosticplayers’ hacker has been held responsible for stealing as well as selling millions of sensitive records on the dark web. Here is the list of the major data breaches:

• The hacker’s notoriety came to light when databases containing roughly 617 million hacked accounts were put up for sale on Dream Market. The hack affected 16 organizations including ‘MyFitnessPal’, ‘MyHeritage’, ‘Animoto’ and ‘500px’.
• The second round of data dump totaled 127 million records originating from eight companies. These hacked details were also sold on Dream Market at a price of about $14,500 (roughly four bitcoin). The stolen records belonged to Ixigo, YouNow, Houzz, Ge.tt, PetFlow and more.
• The third set of hacked databases that were put on sale included the personal data of around 92 million users. These stolen records belonged to eight new companies from across the globe. The biggest victim was the famous GIF hosting and sharing platform, GfyCat. The hacker was selling each database at a price worth 2.6249 Bitcoins.
• The fourth round of hacked accounts included 26.42 million user records. These records belonged to six companies named, GameSalad, Estante Virtual, Coubic & LifeBear, Bukalapak, and YouthManual.
• ‘Gnosticplayers’ hacker had put up the fifth set of user records on sale in April 2019. This time, the hacker had exposed a total of 65.5 million records on the Dream Market forum. The data was stolen from six new companies that included the names of MindJolt, Wanelo, iCracked, Yanolja, Evite and Moda Operandi.
• The hacker was responsible for the hack at Canva, an Australian online design tool company. Going by online alias Gnosticplayers, the hacker claimed to have stolen the data of 139 million Canva users.
• Online food ordering service Eatstreet and social planning &e-invitation service Evite admitted of data breaches that allegedly involved Gnosticplayers. The hacker reportedly breached over one million records from both the firms.
• Zynga Inc, an American social game developer became the latest victim of ‘Gnosticplayers’ hacker. The threat actor reportedly gained unauthorized access to a massive database containing data of more than 218 million users. Based on sample data shared, the stolen users’ information included names, email addresses, login IDs, hashed passwords, phone numbers, Facebook ID and Zynga account ID of customers.

With over one billion user credentials and personal details stolen from roughly 44 companies, ‘Gnosticplayers’ and his modus operandi is something that every firm should keenly track. In addition, organizations, especially in hotel booking, gaming, delivery service and more, should implement an added layer of security to protect their customers’ details.