Hacker steals databases from breach monitoring site; sells them online