I hadn't seen anything about this, so apologies if old. Received an email from have i been pwned? this morning saying that my details were compromised in a MyFitnessPal breach that occurred last year (143,606,147 accounts affected) and that the data is now up for sale. Upon looking into it further it seems many more sites and apps have been compromised and all of the details are part of this sale too.
The Register — 620 million accounts stolen from 16 hacked websites now for sale on dark web, seller boasts
Engadget — Stolen user data from MyFitnessPal and other services hits the dark web
Everyone who might be affected should check if their accounts have been compromised.
EDIT: Here's an excellent guide on securing your accounts.
https://www.resetera.com/threads/th...-changing-some-passwords.94070/#post-16957658
The Register — 620 million accounts stolen from 16 hacked websites now for sale on dark web, seller boasts
Exclusive Some 617 million online account details stolen from 16 hacked websites are on sale from today on the dark web, according to the data trove's seller.
For less than $20,000 in Bitcoin, it is claimed, the following pilfered account databases can be purchased from the Dream Market cyber-souk, located in the Tor network:
Dubsmash (162 million), MyFitnessPal (151 million), MyHeritage (92 million), ShareThis (41 million), HauteLook (28 million), Animoto (25 million), EyeEm (22 million), 8fit (20 million), Whitepages (18 million), Fotolog (16 million), 500px (15 million), Armor Games (11 million), BookMate (8 million), CoffeeMeetsBagel (6 million), Artsy (1 million), and DataCamp (700,000).
Sample account records from the multi-gigabyte databases seen by The Register appear to be legit: they consist mainly of account holder names, email addresses, and passwords. These passwords are hashed, or one-way encrypted, and must therefore be cracked before they can be used.
There are a few other bits of information, depending on the site, such as location, personal details, and social media authentication tokens. There appears to be no payment or bank card details in the sales listings.
Engadget — Stolen user data from MyFitnessPal and other services hits the dark web
Most of the passwords are believed to be encrypted and hashed, meaning any buyer will have to crack the encryption to gain access to the accounts. However, because data breaches have become some common, a purchaser could cross-reference email addresses with previous breaches. If a person has reused a password, their account may be compromised. As a precaution, if you've used any of the affected services, it's probably best to change your password.
Everyone who might be affected should check if their accounts have been compromised.
EDIT: Here's an excellent guide on securing your accounts.
https://www.resetera.com/threads/th...-changing-some-passwords.94070/#post-16957658
Last edited: