These websites include some notable ones such as Sitepoint.
In 2020, we saw hundreds of data breaches across different sectors with the most being done particularly by a threat actor named Shiny Hunter. With 2021 just starting, we have the news of another one albeit by a different actor this time.
The breach in question concerns the data of 26 companies and is being sold on an infamous blackhat forum.
These websites include some notable ones such as Sitepoint.com. However, it is worth noting that the data breaches of 21 of these websites are already known and only 7 of them are new ones.
Furthermore, interested buyers can purchase the data of individual databases after reviewing samples rather than all of them in amounts ranging from $1800-$4000 through Bitcoin.
On the other hand, it is important to recognize that the data involved is huge and is estimated to number over 368 million users records endangering a lot of people.
As for the security of the databases, various encryption methods were used such as MD5 and SHA512 while some were in plaintext or had no password.
Analyzing the newly breached websites, BleepingComputer talked to various of them amongst which MyON.com stated that the private data of their students had not been leaked whereas another site named Chqbook.com said that they weren’t breached in the first place.
Another site named TeeSpring has started investigations into the allegation and there is yet to be any confirmation.
To conclude, if you are a user of such a website, it is important that you change your login credentials and furthermore be on the lookout for any social engineering attack attempts.
A good practice is that regularly change your passwords, perhaps, after every 3-6 months. In order to reduce external risks only signup with websites that guarantee to store your data in encrypted format.