The dark web hosting firm known as Daniel’s Hosting has been under cyberattack since 2018.
In November 2018, Daniel’s Hosting, a dark web hosting service, suffered a cyberattack that took 6500 of the websites hosted on it offline. Although it recovered from that attack, it suffered another one in March this year, when its entire database was deleted.
Following this, the owner, Daniel Winzen, decided to shut down the service in its entirety, at least temporarily, to see how things work out.
However, just recently, it has been revealed that the entire database has been dumped online by an attacker named KingNull. Uploaded on a file hosting service, the data contains:
- 3,671 email addresses
- 7,205 passwords of user accounts
- 8,580 private keys of dark web domains.
Although no IP address information was found, the data contains confidential information on both the owners and the users of the respective dark web domains. This naturally presents several challenges for the victims, both the good ones and the bad ones.
To start with the good ones, there are many websites on the dark web that are built to speak out against oppressive governments, through whistleblowing or otherwise (apologies if you thought it was limited to Wikileaks). Yet if the data of such sites is leaked, their owners and users can be traced and subjected to retaliation.
As for the bad ones, those hosting malicious or criminal content, the leak will help law enforcement agencies trace not only such site owners but also offending users who may have engaged in such activities.
To borrow a bit from our analysis of DH’s previous attack in March, over 450 websites using the host dealt with malware, whereas numerous others hosted illegal content in the form of counterfeit products and carding services.
In response, breach monitoring service Under The Breach told ZDNet in a statement that “the leaked data can be used to tie the owners of leaked email addresses to certain dark web portals”.
Nonetheless, a common threat may haunt both groups. Even if these websites have moved to another hosting service, users who continue without setting new passwords make it easier for hackers to tap into their accounts by cracking the hashed passwords obtained from the leak.
To conclude, this presents another dark side of the dark web: a lack of security mechanisms to safeguard the very structure on which websites are run there. This, we believe, remains a major impediment for small digital businesses that may want to grant their users a safe presence on the dark web but cannot do so for these reasons.
For the time being, no information is available as to whether the leaked data will be indexed on any breach notification service, so if any of our readers had any link with Daniel’s Hosting, it is recommended that they change their passwords and try to use a pseudonym to avoid getting traced for political activities.