Hacker Selling 1.1 million Lookbook.nu Emails and Plain Text Passwords

Login data of Lookbook’s 1.1 million users is available on the darknet for sale — we are not sure if the targeted company is even aware of the fact that their security may have been compromised.

Dark Net is a strange place where anyone can buy anything from government credentials, drugs or weapons to loads of databases belonging to top online platforms. Recently, we have seen an increase in such offers where hackers have been offering highly confidential data from top social media giants including MySpace, LinkedIn, Twitter, Beautiful People and VK.com.

Now, the latest one open for business is Lookbook.nu, a fashion, youth culture, and community website, created by Yuri Lee in San Francisco. Yes, the same hacker going by the handle of Peace of Mind has been offering login credentials of 1.1 million LookBook users since May 2016.

The offered data includes emails and their clear-text passwords for BTC 0.1519 which is about 102.23 US Dollars. The data has been already sold six times while one of the buyers going by the handle of ”6969” has given their feedback as ”1.1 million users with plain text passwords and their emails, very good for spammers since its Fashion related as well as scams and ofc password reuse!”

Screenshot from the dark marketplace showing lookbook.nu’s data is available for sale!

The data is already out, however, what makes it more damaging is the fact that LookBook lets users login with their Facebook account which leads to a conclusion that the sold data may also include login credentials of Facebook users yet there have been no reports of whether LookBook users were hacked or whether mass Facebook accounts were compromised due to LookBook data. 

Continue with Facebook feature asks the user for their email and password before login to a site

Currently, it is unclear if LookBook was hacked or if it was hacked then when was it hacked and how or if the company’s representatives are aware of the fact that its users’ data has been compromised and available for the public.

Related Posts