On June 1 and June 10, the threat actor released two databases containing a total of 150 GB of unpacked SQL files, Lucy Security reveals. The offered files include a broad range of personal data, including full names and phone numbers, emails, usernames, hashed and non-hashed passwords, IP addresses, and physical addresses, along with other information.
“The entity who collected and shared the databases on the dark web claims to have gathered these so-called 'private' databases without having committed any hacking by themselves, yet they also claim to possess even more databases, which they are planning to share or sell to the highest bidder,” Lucy Security says.
The targeted websites appear to have less than one million visitors each, based on their Alexa rankings, the security firm also notes.
The Lucy researchers who analyzed the databases reveal that the collection contains entire SQL dumps of the targeted sites, dated between 2017 and 2020. According to them, roughly 14 million users are impacted. The researchers also identified 14 governmental sites in the collection. These belong to Ukraine, Israel, UK, Belarus, Russia, Lebanon, Rwanda, Pakistan and Kyrgyzstan.
Lucy says that the new data does not appear to be linked to Collection #1, the massive collection of 773 million records that were amassed from different sources and was shared online in January last year. “This is an entirely new threat; none of the databases were known to the public before,” Lucy says.