An entire database from Youku Inc., thanks to an entity known as CosmicDark, landed on the HANSA darknet marketplace for only $300. The database contained usernames and passwords for Youku, one of the largest digital entertainment companies in China. CosmicDark listed 100,759,591 separate accounts and provided a significant number of sample entries for the skeptics.
CosmicDark is less of a household name than than some of the more frequently seen data brokers, hackers, or vendors. However, despite some lack of name recognition, the Hansa vendor currently has 47 active listings. At the time of this article, the listings consisted of gaming forums like the NewSeaSims EA leak, the XP Game Saves database leak, and the WiiIUSO database. The T-Mobile customer leak, via Experian, also appeared under the vendor’s listing profile.
The vendor had listings for BTC-E databases, BitcoinTalk, and even a mega-bundle—a bundle that contained 141 databases with more than two billion user details. In all fairness, many vendors listed the leaked and hacked Bitcoin-related forum databases.
The 2016 hack only recently surfaced, HackRead pointed out. Many questions still remain: if someone hacked Youku in 2016, why did the initial owner of the breached database wait until mid 2017? Did Youku know of the incident in 2016, yet opt against telling customers? And of course, do they know that the email addresses and passwords of their customers are on the Internet even now? No announcement from the company had appeared at the date this was written.
“According to the sample data (552 accounts) provided by CosmicDark, most of the emails are based on @163.com, @qq.com, and @xiaonei.com. It must be noted that based on HackRead’s research the encrypted passwords provided in the sample data have already been decrypted and publically available on the Internet. Also, HaveIbeenpwned, a platform where you can check if your account has been compromised has also confirmed the breach.”
Hansa, these past few months, received some added media attention regarding the numerous database listings. Perhaps the most recent of which wherein a vendor known as “cfnt” dropped 25 VBulletin-based forum databases. Some of which had not implemented a security patch from 2016. DoubleFlag, another darknet entity, listed “Package of 11 Bitcoin database total entries 12.000.000” on the Hansa marketplace. That contained usernames and passwords from BTC-E, Mt.gox, and BitcoinTalk.org, among others. And SunTzu583 similarly released 640,000 Playstation accounts.