A hacker going by the name of Gnosticplayers has put up for sale another set of hacked databases on a Dark Web marketplace.

This is the third round of hacked databases the hacker has published on the Dark Web marketplace known as Dream Market. He previously posted a batch of 16 databases containing the data of 620 million users and a second batch of eight databases with the data of 127 million users.

Today, the hacker published eight more hacked DBs containing data for 92.76 million users. The biggest name in today's batch is GfyCat, the famous GIF hosting and sharing platform. The hacker is selling each database individually on Dream Market. Together, all eight are worth 2.6249 bitcoin, which amounts to roughly $9,400.

In an interview with ZDNet on Friday, Gnosticplayers took credit for the hacks and denied being just an intermediary.

The hacker says he intends to sell over one billion user records and then disappear with the money. His current total stands at roughly 840 million records.

"My two main goals are: -money -downfall of American pigs," he told us.

New leaks are coming, including one from a cryptocurrency exchange, the hacker told ZDNet.

The eight companies whose data Gnosticplayers put up for sale today are listed below:

Company

DB size Breach date Price Content Legendas.tv (movie sharing service)

3.86 Mil

2017/10

฿0.35

username, password (cleartext), email, IP address

Jobandtalent (job portal)

11 Mil

2018/02

฿0.4669

id, email, SHA1 encrypted password, password salt, first name, surname, current IP address

Onebip (mobile payment platform)

2.6 Mil

2017/10

฿0.2626

user ID, name, email, password (cleartext), address, company info, phone number, PayPal info, banking info, login logs, API key, and other

StoryBird (storytelling service)

4 Mil

2015

฿0.2334

email, password (SHA256), username, other

StreetEasy (real estate)

1 Mil

2018/05

฿0.175

username, email, password hash (SHA1) and salt, other

GfyCat (GIF image hosting)

8 Mil

2018

฿0.35

username, password hash (SHA512), email, other

ClassPass (fitness service)

1.5 Mil

2018

฿0.204

email, password hash (SHA1), username, country, sex, full name

Pizap (online photo editor)

60.8 Mil

2018

฿0.583

Facebook user ID, password hash (SHA1 / not for all), email address, other



Image: ZDNet

None of the eight companies listed in Gnosticplayers' ad had previously disclosed a data breach. ZDNet has sent requests for comment to the eight companies. We will update the article with any information we get back. However, many of the companies whose data the hacker has put up for sale in the past week have already admitted to suffering security breaches, making very likely that the data he's selling today is also legitimate.

In addition, each listing was also accompanied with the following message:

George Duke-Cohan is a young and talented boy, instead of giving him a chance, the UK govt sends him to prison for three years.

Now, he's been told by the American government, that he faces 65 years for the offense he was already sentenced to three years in the UK. It means he will be judged twice ??

May this upcoming release of dumps serve as a reminder:

When countries claim to respect their citizens, they have duty protect them. I wouldn't be surprised whether George Duke-Cohan ends his life, the UK gov already destroyed him and doing this is like sentencing him to death.

If he is not given a fair justice during the upcoming days, weeks, years, more data will be released....

George Duke-Cohan is a UK national who is part og the Apophis Squad hacking crew. He was arrested last summer and sentenced to three years in prison last December.

UPDATE: GfyCat told ZDNet that they have started an investigation into the hacker's claims.

"We can also confirm that any account databases are strongly encrypted and salted, so no plain text passwords would be in any compromised data," a spokesperson told us via email today.

A ClassPass spokesperson also told us they've launched an investigation. OneBip also started an investigation, and provided the following statement.

"Please rest assured that between 10/2017 and today there have been several improvements made on the security side independently from this claimed data breach. We have already informed our customers about this, and precautionary measures have already been initiated," OneBip said.

More data breach coverage: