< Back to Searchlight Blog

Hacked Daniel's hosting database released.

Published on 03 Jun 2020 by Charlie

Daniel's hosting, a widely used provider of free darknet hosting, found itself a target of an attack earlier this year, causing its closure shortly after, with its database just now being publicly released.

The service, which is claimed to be run by Daniel Winzen who resides in Germany, hosted over 6,500 sites before it was attacked for a second time earlier this year. In the attacks, which are suspected to have been due to a brute force of Daniel's admin account, the attackers made a backup of Daniel's backend database before deleting it from the server.

The deleted databases whereabouts had not been known until the 31st May where a hacker with the moniker “KingNull” uploaded it to GitHub. Contained within this database, which appears to have been accessed on the 26th February, is over 7000 hashed passwords, 3600 email addresses and 8580 private keys. This potentially puts thousands of darknet sites at risk from attacks such as credential stuffing or through use of the private keys to “take control” of the address. However, this risk may not be too severe as it appears as if many of the 6,500 sites have not re-emerged after the attacks.

Amongst the 3600 email addresses are many Clearnet providers such as Gmail and Yahoo which could potentially be used by law enforcement to help link the real-life identities of users to their darknet monikers.

“KingNull” the user responsible for the upload, had links on their profile, directing users to a Clearnet hacking site “Anonops”, which is a hacker collective that communicates via IRC.

Screenshot showing the users Github profile

Try our Darknet Intelligence/Forensics tool for free, contact enquiries@slcyber.io


Latest News from Searchlight

03 Jun 2020

Hacked Daniel's hosting database released.

Daniel's hosting, a widely used provider of free darknet hosting, found itself a target of an attack earlier this year, causing its closure shortly after, with its database just now being publicly released.

Read more...

26 May 2020

Update on the effects of COVID-19 on the Darknet

With the world in the grip of the COVID-19 Pandemic, many ways of life have and continue to change as countries adapt to what media are calling the “new normal”.

Read more...

20 May 2020

Europa market allegedly seized

The darknet market Europa, which offered a place of haven for users looking to buy drugs and weapons, including firearms, has become inaccessible. It is unclear as to whether the market was seized by authorities or if the seizure notice is just a ploy by the site admins in an attempt to avoid blame from its customers during an exit scam.

Read more...

19 May 2020

9 Million EasyJet customers details accessed in cyber attack.

Budget airliner EasyJet has released a statement notifying its customers that the email addresses and travel details of around 9 million user accounts were compromised in what it calls a “highly sophisticated attack", back in as early as January of this year.

Read more...