Hacker Selling 1 Billion user accounts stolen from Chinese Internet Giants

A dark web hacker is selling billions of accounts stolen from Chinese Internet giants and it poses a threat to unsuspecting users.

A Dark Web marketplace is where you can buy anything from illegal drugs to weapons and several other products including digital goods. In a recent listing, a well known dark web vendor going by the handle “DoubleFlag” is selling data stolen from several Chinese Internet giants.

According to the listing, the data belongs to companies such as NetEase Inc and its subsidiaries 126.com, 163.com, and Yeah.net. Tencent Holdings Limited owned QQ.com, TOM Group’s Tom.com 163.net, Sina Corporation’s Sina.com/Sina.com.cn, Sohu, Inc.’s Sohu.com and Letter Network Information Technology Co., Ltd owned eYou.com.

NetEase data

NetEase, Inc, a Chinese Internet technology company that provides online services focusing on content, communications community and commerce.163.com is the official website of NetEase while 126.com is a popular Chinese email provider and a subsidiary of NetEase. The hacker is selling 143,725,840 accounts from 126.com, 1074,795,268 accounts stolen from 163.com and 163.net, 91,239 from vip.163.com domain respectively.

NetEase’s Yeah.net data

Yeah.net is another domain owned by NetEase providing email services to the users. Although the domain is widely used for phishing scams, the hacker has now access to its 3,281,420 accounts which are now available for sale.

Tencent Holdings Limited’s QQ.com data

QQ is a famous instant messaging software service also recognized for providing a variety of services, including music, microblogging, voice chat, online social games, movies, and shopping. The data available for sale belongs to their primary QQ.com domain and the total number of user accounts are 126,936,489 and 2.759.960 from vip.qq.com.

Sina Corporation’s Sina.com data

Sina is a famous Chinese online media company known for its Sina Weibo server, a Twitter-like microblog social network or a Chinese version of Twitter. Sina.com itself is the largest Chinese-language web portal with overall registered users numbering more than 100 million. The total number of user accounts offered by DoubleFlag is 31,037,726 stolen from sina.com and sina.com.cn domain.

Sohu, Inc.’s Sohu.com data

Sohu, Inc. is yet another Chinese Internet company offering a search engine, advertising, on-line multiplayer gaming, and other services. Sohu was also responsible for creating and handling the official website of the Beijing 2008 Olympic Games.

The data which is being sold was stolen from Sohu.com and contains accounts of 23,198,610 users. The hacker is also selling 236,169 accounts taken from sogou.com (Sogou search engine), a subsidiary of Sohu, Inc. founded on 9 August 2010.

TOM Online’s Tom.com data

TOM Online is a mobile Internet company in China, operating the popular Chinese-language Internet portal (www.tom.com) and offering a variety of online and mobile services, including wireless internet and online advertising. The hacker is selling 8,258,839 user accounts stolen from their primary domain Tom.com.

Letter Network Information Technology Co., Ltd.’s eyou.com data

Eyou or eyou.com is a Chinese-based webmail service which has been targeted by DoubleFlag, and the total number of user accounts available for sale are 1,516,976.

SK Communications Co., Ltd.’s Nate.com data

Nate.com is a South Korean web portal, developed by SK Communications. Nate also owns a social media site Cyworld. However, DoubleFlag is selling accounts of 574,258 users stolen from Nate.com. Remember, Nate is one of the most visited websites in S.Korea.

In the listing description, DoubleFlag has mentioned that some above-mentioned accounts come with plaintext while some of them come with MD5 hashes which are very easy to crack. The total number of plain text and MD5 accounts has not been mentioned but according to the same listing, the total number of accounts on sale is one billion eight hundred forty-five million six hundred six thousand six hundred twenty-seven (1,845,606,627) from October 2015.

The data leak has been labeled as “The Big Asian Leak.”

Screenshot from the marketplace where data is being sold.

In the same listing, DoubleFlag is also offering other user accounts he claims to have stolen from Yahoo.co.jp, Yahoo.com.cn, yahoo.com.tw, Gmail.com, China’s Hotmail, MSN, and Live accounts. The total number accounts being offered from all three Yahoo domains is 23,590,165, 17.928.531 Hotmail accounts, 3.371.754 Gmail accounts, 1.098.274 MSN accounts, and 407.423 Live accounts.

History of DoubleFlag and his listings on the Dark Web marketplaces:

In 2016, when the trend of selling databases on the Dark Web marketplaces started to grow, several vendors came up with high-profile data such as AdultFriendFinder, Dropbox, LinkedIn, MySpace, and Twitter, etc. The one vendor who came up with non-stop data was DoubleFlag. In the last couple of months, the databases uploaded by him for sale included Brazzers, Epic Games, ClixSenseuTorrent Forum, Mail.ru, Yandex.ru, BitcoinTalk.org, Dropbox and even 203,419,083 accounts from Experian plc, a major credit reference agency with operations in 40 countries. Although Experian denied that their servers were ever breached by hackers the alleged data is still available for sale for just BTC0.8873 (USD 800.00).

Is the ‘The Big Asian Leak’ data legit?

As mentioned above, Experian categorically denied that their servers were ever breached leaving a question mark on other listings uploaded by DoubleFlag. However, looking at his Feedback Ratings on the marketplace there hasn’t been a single negative rating of his 60+ successful sales.

Also, since DoubleFlag is not responding to my sample data request, therefore, it’s up to these companies to examine and confirm if their servers were recently or previously breached.

Did you enjoy reading this article? Like our page on Facebook and follow us on Twitter.

Related Posts