Dark Web hacker selling 126M accounts stolen from new data breaches

A dark web hacker going by the online handle of “Gnosticplayers” is selling a massive trove of user data stolen after compromising websites of several popular companies. The data which amounts to over 126 million accounts includes emails and passwords, etc. and is currently available on the dark web’s infamous Dream marketplace.

Who’s involved?

The companies involved in the breach include:

  • Ge.tt
  • ixigo 
  • Roll20
  • Houzz
  • Coinmama 
  • YouNow
  • PetFlow
  • Stronghold Kingdoms

Read: 773 million records with emails & plain text passwords leaked online

With that in mind if you are into gaming here is the best DNS server for gaming

Ge.tt (1.83 million accounts – BTC 0.1609 ($572)

Ge.tt is a file-sharing Denmark based website home to over 5,588,934 users. The service lets users signup and share files for both free and premium options. Gnosticplayers told HackRead that he was able to breach the site’s security and steal account credentials of 1.83 million users including full name, emails, passwords hashed with Sha256 algorithm (easy to crack), Twitter and Facebook access tokens.

A look at sample data revealed the Ge.tt’s database was stolen in December 2017.

Ixigo (18 million accounts – BTC 0.263 ($936)

ixigo is a popular travel and hotel booking e-commerce website based in India. The hacker told HackRead that he managed to steal over 18 million accounts from ixigo as breaching its security was a piece of cake. The stolen data according to Gnosticplayers include full name, gender, email, passwords hashed with the md5 algorithm (easy to crack), Facebook URLs, IP addresses while for some users the data also includes passport names and ID number.

A look at sample data revealed that the data breach took place on 1st January 2019. In total, Gnosticplayers managed to steal 7.23 GB of data from ixigo’s website.

Roll20 (4 million accounts – BTC 0.0585 ($208)

Roll20 is a famous website consisting of a set of tools for playing tabletop role-playing games, also referred to as a virtual tabletop. The site was launched in 2012 after a successful Kickstarter campaign however now, Gnosticplayers is claiming to steal 759MB of data containing 4 million user accounts.

The stolen data includes names, emails, passwords, roles, web search, device details and tons of other data. A look at sample data revealed that the data breach took place on 1st January 2019.

Houzz 57 million accounts – BTC 2.927 ($10400)

Houzz is a California based website and online community about architecture, decorating, interior design, landscape design, and home improvement. Gnosticplayers, on the other hand, is claiming to steal 7.9 GB of data containing over 57 million Houzz user accounts.

The data includes names, account registration date, emails, and passwords hashed with Sha256 algorithm. A look at sample data revealed that the data breach took place on 1st July 2018.

Coinmama 486,297 accounts – BTC 0.351 ($1248)

Coinmama is an online marketplace allowing cryptocurrency users to buy Bitcoin and Ethereum with a credit card. In this breach; the hacker has managed to steal over 486,297 user accounts with emails and hashed passwords. On this listing, Gnosticplayers has promised to provide 70,000 cracked hashes.

A look at sample data revealed that the data breach took place in August 2017. If legit, this can be a massive blow to the company.

YouNow 40 million accounts – BTC 0.1317 ($468)

YouNow is a live broadcasting service where users stream their own live video content or interact with the video streams of other users in real time. However, this time the company is making headlines for all the wrong reasons as Gnosticplayers is selling over 40 million user accounts containing first name, last name, email addresses, both remote and real IP addresses, links to Facebook, Instagram, Google, and Twitter ID.

See: World’s largest data dump surfaces on the web with 2.2 billion accounts

The good news is that the data dump does not include passwords apparently because the company uses a separate server for storing passwords. A look at sample data revealed that the data breach took place in October 2017 while the file size for the stolen data is 1.3GB.


Stronghold Kingdoms (5 million accounts – BTC 0.2927 ($1040)

Stronghold Kingdoms is a Massively multiplayer online real-time strategy game video game developed by Firefly Studios. A look at the sample data shows that the breach took place in September 2018 where hacker managed to steal 610MB containing over 5 million user accounts. The data offered by hacker includes username, email, plaintext password and date of birth, etc.

PetFlow (1 million accounts – BTC 0.1769 ($634.4)

PetFlow is a Cat and Dog food delivery service owned by Phillips Feed Service, Inc. The bad news is that it is also among the list of targeted websites. A look at sample data provided by Gnosticplayers shows that the breach took place in 2017 while the database contains 200MB of data with 1 million user accounts.

The data is currently being offered for BTC 0.1769 ($634.4) and includes emails, usernames, password hashed with MD5 algorithm cracking of which is considered as a piece of cake. Moreover, the PetFlow database also contains credit card data encrypted with Advanced Encryption Standard (AES).

Who and why?

Although the aforementioned list carries a massive amount of data it is unclear who Gnosticplayers really is. In an exclusive conversation, the hacker claimed to be a Pakistani citizen fighting to put a positive image of Pakistan and teaching a lesson to its enemies.

“The message is clear, the image the world has of Pakistan is unfair Whereas Pakistani people are the most wonderful people and did nothing wrong. They are persecuted all over the world and people tend to associate this with the whole country. this is false,” Gnosticplayers told HackRead.

Gnosticplayers and previous data breach

This is not the first time when Gnosticplayers has come up with a whopping amount of data. Last week, the hacker was selling over 617 million accounts obtained from 16 compromised websites. The list of those targeted websites is available below:

  • Dubsmash — 162 million accounts
  • MyFitnessPal — 151 million accounts
  • MyHeritage — 92 million accounts
  • ShareThis — 41 million accounts
  • HauteLook — 28 million accounts
  • Animoto — 25 million accounts
  • EyeEm — 22 million accounts
  • 8fit — 20 million accounts
  • Whitepages — 18 million accounts
  • Fotolog — 16 million accounts
  • 500px — 15 million accounts
  • Armor Games — 11 million accounts
  • BookMate — 8 million accounts
  • CoffeeMeetsBagel — 6 million accounts
  • Artsy — 1 million accounts
  • DataCamp — 700,000 accounts

Credit card data at risk

When asked if the stolen data includes credit card data and social media access tokens the hacker confirmed to HackRead that not only they have credit card data for 8fit users but Facebook access tokens are also among the stolen data. Furthermore, the Dubsmash data according to hacker contains phone numbers of 45 million users – What’s worse is that Gnosticplayers plans to sell it all.

Are these breaches legitimate?

A look at the review section of Gnosticplayers’ listing on the Dark Web Dream marketplace it can be assumed that these data breaches contain legitimate user data. For instance, there are 30 five star reviews highlighting the fact that buyers got what they expected and what they hacker claimed. Therefore, if you have an account of any of the aforementioned websites you are at risk. 

For now, the only advice we can give is changing your email’s password, the password on the account on the breached sites and contacting your bank to inquire about any suspicious transaction that took place using your credit card data. Moreover, change the password for your social media accounts as well.

Did you enjoy reading this article? Kindly do like our page on Facebook and follow us on Twitter.

Related Posts