A threat actor with the alias of “Trollx” has posted over 85,000 MySQL databases for sales in one of Russian-speaking hacking forum.
What appears to be an advertisement on the forum, the hacker has also shared the URL where databases are auctioned. The URL is hn4wg4o6s5nc7763.onion. In order to browse to this website, you will need a TOR browser access.
The advertisement is below:
Based on the above, the hacker also published the hacked database list as well. The complete list can be viewed here.
On the auction website, it appears the concept is quite straightforward – hacked customers are given a unique code through which they can buy their databases.
Organizations who refuse to pay these hackers, their databases are then auctioned on their website as below:
How are they able to gain access to such large number of databases?
Cyble has seen a number of tactics of cybercriminals in mass hacking scenarios such as SQL Injection attacks using dorks and tools such as SQLInject to harvest the data and then deleting them with a ransom note left behind.
Other groups have exploited misconfigured servers to break into the systems such as the group “SQLDB.TO” who breached into a number of companies who accidentally left .env files on the public internet.
People who are concerned about their information exposure can register on Cyble’s data breach monitoring and notification platform, AmiBreached.com, to ascertain the risks at no cost. Also, Android users (Link) and iOS users (Link) can gain full access to it just by downloading the mobile application.
Here are a few ways to prevent cyber-attacks:
- Never click on unverified/unidentified links
- Do not open untrusted email attachments
- Only download media from sites you trust
- Never use unfamiliar USBs
- Use security software and keep it updated
- Backup your data periodically
- Keep passwords unique and unpredictable
- Keep Software and Systems up to date
- Train employees on Cyber Security
- Set up Firewall for your internet
- Take a Cyber Security assessment
- Update passwords regularly
Cyble is a global threat intelligence SaaS provider that helps enterprises protect themselves from cybercrimes and exposure in the darkweb. Cyble’s prime focus is to provide organizations with real-time visibility into their digital risk footprint. Backed by Y Combinator as part of the 2021 winter cohort, Cyble has also been recognized by Forbes as one of the top 20 Best Cybersecurity Startups To Watch In 2020. Headquartered in Alpharetta, Georgia, and with offices in Australia, Singapore, and India, Cyble has a global presence. To learn more about Cyble, visit www.cyble.io.