Hacker ‘Gnosticplayers’ Returns with 4th Round of Stolen Data on Dream Market

A darknet vendor named Gnosticplayers is selling 26 million records from six companies. This is the fourth in a series of data sales he’s made since February.

After three rounds of selling hacked company data, a Dream Market vendor named “Gnosticplayers” is back with the fourth round of data.

This return resulted in putting up for sale an additional 26 million user records.

The majority of the data the hacker is selling on the dark web was collected by hacking various companies last month.

Gnosticplayers’ Collections of Stolen Data

As a dark web vendor, Gnosticplayers is already a familiar name to authorities.

In February 2019, the vendor put up a batch stolen data for the first time. Within a month, millions of records were offered on the dark web, divided into three batches.

The hacker’s first collection consisted of 620 million accounts stolen from 16 different websites.

Soon after his first auction, unexpectedly, the hacker attacked again, selling a new collection of 127 million records in total. Eight more websites were affected.

Prior to the newest round, the last known batch of hacked data Gnosticplayers put up for a sale included 92.76 million user records.

Eight companies were hit in this release, one of which was the big-name GIF-sharing platform GfyCat.

After his third batch last month, it was unknown whether the hacker would continue hacking companies’ websites and selling their records on the dark web.

Allegedly, he had a wish the authorities were not able to fulfill, so this might be the reason behind the fourth strike.

This time, Gnosticplayers is selling additional 26.42 million records of user data collected from six companies. None of the companies were previously affected by his activities.

The records are listed for $4,940 total, or 1.24 Bitcoin.

Data of Six Companies Affected

On his dark web vendor account, Gnosticplayers has listed the six new companies whose data was stolen.

Among the user records, the customers can find data of a game development platform, a student jobs site, two scheduling apps and an e-commerce giant in Indonesia.

GameSalad, a platform for game development, is the first name on this list. From the company, Gnosticplayers pulled out 1.5 million records that included IP addresses, emails, passwords and usernames.

This collection is valued at .0785 Bitcoin (BTC).

A Brazilian bookshop, Estante Virtual, also made it on the list of the vendor.

Gnosticplayers stole 5.45 million user records from the company, which he is selling for .2618 BTC.

Among the data, you can find users’ emails, phone numbers, passwords, names and usernames.

Coubic is the third company on the list. From this scheduling software provider, the hacker managed to pull out 1.5 million records including emails, passwords and names.

The collection’s price is .157 BTC.

The data collected from LifeBear, a Japanese scheduling app, is put up for .2618 Bitcoin, including 3.86 million files that contain usernames, emails, passwords, app settings and event details.

Gnosticplayers hit Bukalapak the hardest in this fourth round. Stealing 13 million user accounts from this Indonesian e-commerce giant, he listed the data for .34 Bitcoin on Dream Market.

Among the information, emails, names, usernames, password hashes, IP addresses, shopping details and more can be found.

Last on the list was an Indonesian student career website YouthManual. From the company, Gnosticplayers pulled out 1.12 million files that he is selling for .144 Bitcoin.

The data contains emails, names, password hashes, education, hobbies and more.

The Distinctness of the 4th Batch

In the previous rounds, most of the companies whose data the hacker stole and sold, confirmed breaches.

Due to this, ZDNet reached out to the companies that have allegedly been attacked in this fourth round.

On ZDNet’s request to comment, LifeBear and Coubic were the two companies that confirmed they are investigating the breaches.

While the round four seems similar to the previous Gnosticplayers’ attacks, it still is very different from the rest.

What makes this batch distinctive is the fact the user records that were put up for a sale in this round were obtained during last month’s hacks.

To ZDNet, the hacker disclosed the files are offered primarily because none of the companies learned that stronger encryption algorithms are needed to protect passwords.

According to him, this is something all of the companies failed to do.

Gnosticplayers also stated that this round is different from the previous three because he does not have the same target anymore.

While his former goal was to steal and sell over one billion user records so he can retire and run away with the money, after seeing other hackers have already done that, he gave up on this aim.

The Dream vendor also disclosed he is not selling all the data he has acquired. He stated that with some companies, he came to an agreement.

The hacker says he will not publish databases from the companies that compensated so the breaches would stay private.