Hacker Selling 68 Million Stolen Dropbox User Accounts on Dark Web; BitcoinTalk forum data also for sale

I had seen the listing on TheRealDeal, but not having time to try to verify its authenticity, skipped it. Thankfully, Waqas of HackRead investigated and verified some of the data:

On 31st August 2016, unknown hackers leaked 68 million Dropbox user accounts including login emails and encrypted passwords from a breach that took place in 2012. Initially, the leaked data was accessible to several breach notification sites such as Hacked-DB, LeakedSource, and HaveIbeenPwned, but now a vendor going by the online handle of “DoubleFlag” is selling the same DropBox data on a dark web marketplace known as TheRealDeal.

Read more about what he found on HackRead.

Update: The same vendor (“doubleflag”) has listed the BitcoinTalk.org forum database for sale in the same marketplace. The description of the listing:

sha256crypt (469,540) & SMF (44,868)
Data of database
ID_MEMBER:memberName:emailAddress:personalText:gender:birthdate:websiteTitle: websiteUrl:location:ICQ:AIM:YIM:MSN:regIP:passwd:passwordSalt
leak date 2015-05

DataBreaches.net has made no attempt to try to verify the authenticity of the data, but I imagine someone else will. 🙂

Update 2: See HackRead’s coverage of the BitcoinTalk database listing.

About the author: Dissent