Published on 03 Jun 2020 by Charlie
The service, which is claimed to be run by Daniel Winzen who resides in Germany, hosted over 6,500 sites before it was attacked for a second time earlier this year. In the attacks, which are suspected to have been due to a brute force of Daniel's admin account, the attackers made a backup of Daniel's backend database before deleting it from the server.
The deleted database's whereabouts had not been known until the 31st May, when a hacker with the moniker “KingNull” uploaded it to GitHub. Contained within this database, which appears to have been accessed on the 26th February, are over 7000 hashed passwords, 3600 email addresses and 8580 private keys. This potentially puts thousands of darknet sites at risk from attacks such as credential stuffing, or from use of the private keys to “take control” of the address. However, this risk may not be too severe, as it appears that many of the 6,500 sites have not re-emerged after the attacks.
Amongst the 3600 email addresses are many Clearnet providers such as Gmail and Yahoo which could potentially be used by law enforcement to help link the real-life identities of users to their darknet monikers.
“KingNull”, the user responsible for the upload, had links on their profile directing users to the Clearnet hacking site “Anonops”, a hacker collective that communicates via IRC.
20 May 2020
The darknet market Europa, which offered a haven for users looking to buy drugs and weapons, including firearms, has become inaccessible. It is unclear whether the market was seized by authorities or whether the seizure notice is just a ploy by the site admins to avoid blame from its customers during an exit scam.
19 May 2020
Budget airline EasyJet has released a statement notifying its customers that the email addresses and travel details of around 9 million user accounts were compromised in what it calls a “highly sophisticated attack”, as early as January of this year.