Hacker who stole over 600 mn account details, attacks eight more websites again


The hacker, who is responsible for stealing details of almost 620 million users from 16 websites, has struck again and this time 127 million more records from eight more websites were targeted.

The anonymous hacker now has 18 million user records from travel booking e-commerce website called Ixigo and 40 million from live-video streaming site YouNow, which was launched in 2011.

TechCrunch reported that "Houzz, which recently disclosed a data breach, is listed with 57 million records stolen and Ge.tt had 1.8 million accounts stolen."

As per the hacker's listings, Ixigo, headquartered in India's Gurugram, used an outdated "MD5" hashing algorithm to scramble passwords but experts believe that now these days these are very easy to unscramble. However, a spokesperson said that in the case of YouNow, the company doesn't store passwords.

The stolen information includes the name of the account holder, user's email address and passwords.

Prior to this recent cyber breach incident, the hacker claimed that he has user records from several major sites. He also said more than 151 million records from MyFitnessPal and 25 million records from Animoto are under his possession.

It should be noted that the databases, which assure to make life easier for the hackers, can be purchased from the Dream Market cyber-souk, located in the Tor network, for almost less than $20,000 in bitcoin.

Last year, some of the websites, such as MyHeritage, MyFitnessPal and Animoto, warned their users that they had been compromised. Now, other sites also started notifying their customers about the hacks.

When IBTimes Singapore talked to the lead Malwarebytes intelligence analyst, Christopher Boyd about this hack, he said, "Large scale data breaches are sadly becoming a regular occurrence and with each incident, millions of records are exposed online. As with any of these instances, people affected should take note of what's been taken, limit any financial liability by cancelling payment methods, and change passwords. Additionally, they should change any passwords on unaffected services which share the same password or those could be compromised too."

Here are the names of a few sites, which were hacked by the unnamed hacker earlier.

Websites hacked

Number of accounts affected


162 million


151 million


92 million


41 million


28 million


25 million


22 million


20 million

This article was first published on February 15, 2019