Dark Web hacker selling 92M new accounts on Dream market

Dark Web hacker selling 92M new accounts on Dream market

The dark web hacker “Gnosticplayers” has quickly made a reputation for his high-profile data breaches and for selling user data on the infamous Dream marketplace. A couple of days ago the hacker was selling 126 million accounts stolen from new data breaches and now, the same hacker is back with another list of compromised websites which is another blow to victims.

How much?

This time, Gnosticplayers is selling a whopping 92 million user accounts stolen from 8 hacked websites. The data includes much more than emails and passwords and it is all available for buyers to get their hands on for Bitcoin depending on the worth of the compromised website.

Who are the victims this time?

Although the real victims of this data breach are those who trusted these websites with their data, here is a list of targeted websites:

  • Legendas.tv
  • JobandTalent
  • Onebip
  • Storybird
  • StreetEasy
  • Gfycat
  • ClassPass
  • piZap

Legendas.tv (3 million+ — BTC 0.349 ($1248)

Legendas.tv is a popular Brazilian entertainment website allowing users to download subtitles for movies and TV shows. The word Legendas means Subtitles in Brazilian Portuguese. 

Legendas.tv is one of the eight sites that have been compromised by Gnosticplayers and its data is now available for sale on Dream Dark Web marketplace.

A look at sample data revealed that the database was dumped in October 2017 however the date of Legendas.tv’s data breach is unclear. The current price for this database is BTC 0.349 ($1248) and offers usernames, emails and clear text passwords of more than 3 million users.

Dark Web hacker selling 92M new accounts on Dream market

JobandTalent (11 million+ — BTC 0.465 ($1664)

JobandTalent is a Spain-based job-matching marketplace that matches candidates to the right jobs and companies to the employees. Today, the company is in the news because it suffered a massive data breach in which 650MB of data was stolen and dumped on the Internet in February 2018.

A look at sample data shows that the data is currently being sold for BTC 0.465 ($1664) and includes first names, surnames, email addresses, and passwords hashed with the Sha1 algorithm. The number of victims goes beyond 11 million.

Dark Web hacker selling 92M new accounts on Dream market

Onebip (2 million — BTC 0.2617 ($936)

Onebip is Italy Italy-based payment solution for digital merchants and app developers, therefore, this breach is of high significance. According to Gnosticplayers’s listing, Onebip suffered a data breach in which its data was leaked in October 2017.

The database is currently being sold for BTC 0.2617 ($936) and contains a treasure trove of data belonging to more than 2 million users including full names, job titles, country codes, State, city, physical addresses, zip codes, company names, country name, fiscal code, bank name and address, name of bank account holder, account number, account’s swift code, IBAN, PayPal ids, registration date, last login and number of login attempts, etc.

What’s worse is that the database also contains emails and clear text passwords which means buyers can log in to Onebip accounts unless the company allows users to enable 2FA.

Dark Web hacker selling 92M new accounts on Dream market

Storybird (4 million — BTC 0.2326 ($832)

Storybird is also a popular website allowing kids and adults to discover their talents in writing. However, the bad news is that Storybird is also on the list of compromised websites.

A look at sample data shows Storybird suffered a data breach in 2015 and the stolen data included email, password hash, username, etc. In total, the number of targeted victims goes up to 4 million while the price of the database is BTC 0.2326 ($832).

Dark Web hacker selling 92M new accounts on Dream market

StreetEasy (1 million — 0.1745 ($624)

StreetEasy is a highly popular New York City’s leading real estate marketplace and the company’s site is also among the list of compromised websites. A look at sample data revealed that StreetEasy’s data was dumped on the Internet in May 2018 which included username, email, password hash, salt, etc.

The database which contains 1 million user accounts is currently being sold for BTC 1745 ($624).

Dark Web hacker selling 92M new accounts on Dream market

Gfycat (8 million — BTC 0.349 ($1248)

Gfycat is a popular user-generated short video hosting company also known as a pioneer of the video alternative to the GIF revolution in 2013. However, Gfycat suffered a data breach in 2018 and now its data is being sold for BTC 0.349 ($1248).

The total number of stolen accounts is more than 8 million (1GB database) and includes username, email and password hashes.

Dark Web hacker selling 92M new accounts on Dream market

ClassPass (1.5 million — BTC 0.2036 ($728)

ClassPass is a monthly fitness membership that allows you to access thousands of different classes at studios and gyms in any ClassPass city. However, ClassPass’ website was hacked in 2018 and now Gnosticplayers is selling 1.5 million ClassPass accounts for BTC 0.2036 ($728).

The sold data includes email, password hash, username, country, sex, and full name.

Dark Web hacker selling 92M new accounts on Dream market

piZap (65 million — BTC 0.581 ($2080)

piZap is a popular online Photo Editor website which suffered a data breach in 2018 allowing hackers to steal a 4GB database containing a whopping 60 million user accounts.

The data is now being sold on the Dark Web marketplace for BTC 0.581 ($2080) and includes Facebook user ID, password hash and email address.

Dark Web hacker selling 92M new accounts on Dream market


Previously, Gnosticplayers claimed that the sole purpose of these data breaches was to put Pakistan in the timeline and give a positive image of the country. Still, now according to the description on sample data, the hacker is protesting the arrest of George Duke-Cohan, a teen who was arrested for a DDoS attack on ProtonMail and making fake bomb threats.

Cohan was arrested by the United Kingdom’s National Crime Agency however he is also wanted by the US authorities over cyber attacks. Although Cohan was sentenced to 3 years in prison his prison term in the US was extended by 65 years.

“George Duke-Cohan is a young and talented boy, instead of giving him a chance, the UK govt sends him to prison for three years. Now, he’s been told by the American government, that he faces 65 years for the offense he was already sentenced to three years in the UK. It means he will be judged twice?,” Gnosticplayers wrote in their message.”

Gnosticplayers is also vowing to release more data “if Cohen is not given a fair justice.”

“May this upcoming release of dumps serve as a reminder: When countries claim to respect their citizens, they have duty protect them. I wouldn’t be surprised whether GeorgeDuke-Cohan ends his life, the UK gov already destroyed him and doing this is like sentencing him to death. If he is not given a fair justice during the upcoming days, weeks, years, more data will be released,” Gnosticplayers threatened.

List of previous data breaches carried out by Gnosticplayers

  1. Ge.tt
  2. ixigo
  3. Roll20
  4. Houzz
  5. Coinmama
  6. YouNow
  7. PetFlow
  8. Stronghold Kingdoms

In the above-mentioned list, Gnosticplayers was selling 126 accounts while in the below-mentioned list, the total number of sold accounts was 620 million.

  1. Dubsmash — 162 million accounts
  2. MyFitnessPal — 151 million accounts
  3. MyHeritage — 92 million accounts
  4. ShareThis — 41 million accounts
  5. HauteLook — 28 million accounts
  6. Animoto — 25 million accounts
  7. EyeEm — 22 million accounts
  8. 8fit — 20 million accounts
  9. Whitepages — 18 million accounts
  10. Fotolog — 16 million accounts
  11. 500px — 15 million accounts
  12. Armor Games — 11 million accounts
  13. BookMate — 8 million accounts
  14. CoffeeMeetsBagel — 6 million accounts
  15. Artsy — 1 million accounts
  16. DataCamp — 700,000 accounts

For now, the only advice we can give is to change your email password, and the password on the account on the breached sites and contact your bank to inquire about any suspicious transaction that took place using your credit card data. Moreover, change the password for your social media accounts as well.

Did you enjoy reading this article? Kindly do like our page on Facebook and follow us on Twitter.

Related Posts