Gnosticplayers hacker is offering in a third round a new set of databases containing millions of hacked accounts from unreported data breaches.

Last week, the hacker who goes by online with the moniker Gnosticplayers disclosed the existence of some massive unreported data breaches in two rounds. The experts offered for sale the huge trove of data for a limited period of time.

Now the same hacker is offering in a third round a new set of databases containing millions of hacked accounts from several websites, like previous ones Gnosticplayers has been made available for sale on the

Dream Market black marketplace.

Early last week , the seller listed a batch of 620 million accounts coming from 16 breached websites including Dubsmash, Armor Games, 500px, Whitepages, and ShareThis. A few days later, Gnosticplayers offered a new batch of 127 million records originated from eight companies.

On Sunday the expert published a third round containing more than 92 million hacked users’ accounts from 8 new websites, including the GIF hosting platform Gfycat.

According to The Hacker News, this round should be the last one, data were stolen from the following 8 hacked websites:

Pizap (Photo editor) — 60 million

(Photo editor) — 60 million Jobandtalent (Online job portal) — 11 million

(Online job portal) — 11 million Gfycat (GIF hosting service) — 8 million

(GIF hosting service) — 8 million Storybird (Online publishing platform) — 4 million

(Online publishing platform) — 4 million Legendas.tv (Movie streaming site) — 3.8 million

(Movie streaming site) — 3.8 million Onebip (Mobile payment service) — 2.6 million

(Mobile payment service) — 2.6 million Classpass (Fitness and Yoga center) — 1.5 million

(Fitness and Yoga center) — 1.5 million Streeteasy (Real estate) — 990,000 (1 million)

Like previous rounds, the hacker is offering for sale stolen archive individually for a total $9,700 worth of Bitcoin.



This third round appears very concerning because none of the companies listed was aware of the data breach of its systems, this means that threat actors could buy them to target the services and their clients in the next days.

The first two round made available for sale 24 collections containing a total of 747 million stolen user credentials, now additional 92 Million fresh accounts were offered for Sale from 8 unreported security breaches,

Pierluigi Paganini

( SecurityAffairs – data breaches, Gnosticplayers)

Share this...

Linkedin Reddit Pinterest

Share On