DataViper, a breach monitoring site is owned by cybersecurity researcher Vinny Troia who vows to expose real-life identities of prominent dark web hackers in the upcoming conference.
Many cybersecurity firms today host online data breach monitoring services which let users know if their data has been leaked somehow. They do so by collecting hacked databases from both across the dark web and surface web comprising of underground forums, Pastebin sites, and other possible avenues.
Then, when a user makes a query to check if they have been compromised, the user’s email address or username is searched through these databases to identify if any leaked records exist. One such service is DataViper which is run by Vinny Troia from a cybersecurity company named Night Lion Security.
In relation to this, today, a hacker ironically named Night Lion has leaked 8,225 databases from DataViper alleging that they maintained access to the company’s servers for 3 months while collecting the data.
A dark web domain was even sent to numerous researchers that contain details of the breach. Alongside, 482 JSON files which have samples of the data were also provided as proof of the incident.
To reap reward, the top 50 databases in terms of size were subsequently posted for sale on Empire, a dark web marketplace by the hacker as shown in the photo below:
A twist in this entire mess though is that the hacker has claimed that Vinny Troia – the owner – sold the data, something which has been strongly rejected by the accused on Twitter associating the attacker with several hacking groups.
2) Re the ”sale” of data, a little research will show that most of these items are old /were turned into @troyhunt months ago. All the data either came from #GnosticPlayers, @sh_corp or NSFW, who happen to all be the same group. For those interested to know how, see you Wed!
— Vinny Troia, PhD (@vinnytroia) July 12, 2020
Moreover, he has clarified that most of the databases had already been out in the open with the hacker supposedly selling their own databases. This statement was reiterated by him to ZDNet on a phone call stating that one server had been penetrated by the attacker but it was of little use since it happened to be a test instance.
Talking about the incentives behind this leak announcement, he pinned the blame on an attempt to tarnish his reputation, especially when he’s due to give a talk on Wednesday at a security conference where he plans to reveal the real-world identities of some of these hacking groups.
For anyone looking for a public statement about Data Viper. This “hack" only proves that i have struck a nerve and my talk next week is spot on. As for anything "stolen”, nothing was. All that was accessed was an old dev server. Databases? Nope.
— Vinny Troia, PhD (@vinnytroia) July 12, 2020
To conclude, we will see in the coming days how this unfolds and who is on the right. For now, a precautionary measure may be to check if your information is safe through another data breach service. The reason is that even if only a few new databases may have been leaked, they can harm your security if your data was a part of it.
Did you enjoy reading this article? Do like our page on Facebook and follow us on Twitter.