

Login credentials from 16 compromised websites are now for sale on the darknet market for a total estimated price of US$20,000 in Bitcoin. The exposed credential database appears to be fresh, as most of the breaches took place in 2018. Some of the exposed credentials are hashed and can therefore only be used after they are cracked. Simple passwords can typically be recovered easily, especially if they are hashed with the obsolete MD5 algorithm. The seller is expected to dump as many as 20 databases and claims to have swiped some one billion accounts by exploiting vulnerabilities in web applications. Stolen credentials can give legitimate access to a user’s account without triggering security controls, and can result in fraud or identity theft. The leaked credentials can also be used in credential stuffing attacks, which target users who reuse passwords across multiple online platforms. Organisations and users should, at a minimum, adopt two-factor authentication to protect their accounts from takeover, and use strong, unpredictable passwords to secure their online identity.

[1] Blue Monday in Infosec: 620 Million Accounts Stolen from 16 Hacked Websites Now for Sale on Dark Web, Seller Boasts

Ensign InfoSecurity Singapore
30A Kallang Place
Singapore 339213

Tel: +65 6788 2882
Fax: +65 6788 3883