On January 1, 2020, a data broker began selling 368.8 million stolen user records collected from twenty-six companies on a hacker forum.
When attackers breach a company and steal their databases, they often work with data breach brokers. These are individuals who market and sell the stolen data on their behalf. They create posts on hacker forums and dark web marketplaces to profit from the stolen data.
BleepingComputer reports that in their conversation with the data broker, data stolen from Teespring is being sold for $3,800-$4,000, MyON for $2,00, and Chqbook for $1,800. Pricing for the other databases has not yet been determined. Here is a full list of companies whose breached data is up for sale and the number of records included for each.
| Company | Number of Records Breached |
|---|---|
| Accuradio.com | 2.2 million |
| Anyvan.com | 4.1 million |
| Bigbasket.com | 20 million |
| Cermati.com | 2.9 million |
| Chqbook.com | 1 million |
| Clickindia.com | 8 million |
| Eventials.com | 1.4 million |
| Everything5pounds.com | 2.9 million |
| Fotolog.com | 33 million |
| Geekie.com.br | 8.1 million |
| Hybris.com (SAP.com) | 4 million |
| Juspay.in | 100 million |
| Knockcrm.com | 6 million |
| Mindful.org | 1.7 million |
| ModaOperandi.com | 1.2 million |
| MyON.com | 13 million |
| Netlog.com (Twoo.com) | 53 million |
| Pizap.com | 60 million |
| Reddoorz.com | 5.8 million |
| Reverbnation.com | 7.8 million |
| Singlesnet.com | 16 million |
| Sitepoint.com | 1 million |
| Teespring.com | 8.2 million |
| Wahoofitness.com | 1.7 million |
| Wedmegood.com | 1.3 million |
| Wongnai.com | 4.3 million |
What Should I Do If I Use One Of These Sites?
If you used one of these sites, it’s important that you take action right away to protect yourself. While these lists have not yet been sold, they are already in the hands of hackers and a data breach broker. This means that your information is already available for others to use.
Change Your Password. If you have an account on one of these sites, immediately change your password to one that you have never used before and one that you do not use on another website. If you used the same password on other websites, you should also change your passwords on those sites as well. If you aren’t sure how to create a strong, but memorable password, check out our guide How to Create a Strong Password That You Will Remember to learn how.
Determine Exactly What Information Was Breached. To learn exactly what information was breached, contact the company with whom you had an account. They can let you know what information was involved in the breach, any “next steps” you should take, as well as any offers they have to help you protect your data.
Fully Understand What to Do When Your Information is Breached. Depending on the type of information that was breached, you may need to take different steps. If you aren’t sure what steps you should take, our guide I've Been Breached: A Step By Step Guide to Protecting Your Data offers a great starting point.
Sign up for Data Breach Monitoring.__ When your information is involved in one breach, the likelihood of your information being involved in another breach increases. In order to stay ahead of this and other data breaches, you should use data breach monitoring to alert you of future breaches.
