Another Massive Chunk of 127 Million Stolen User Records Up for Sale on The Dark Web

Last week we reported that an anonymous cybercriminal was selling the information of approximately 620 million users on the Dark Web. The data compilation consisted of user records allegedly stolen from sixteen websites that include well-known names such as MyFitnessPal, MyHeritage, and Whitepages. Most of the affected companies confirmed the stolen information is legit.

Just a few days later, the very same hacker, uploaded a new batch of additional 127 million records stolen from more than a dozen other brands. This time the affected companies are Houzz, YouNow, CoinMama, ixgo, Stronghold Kingdom, Roll20,, Petflow, Pizap, Gfycat, Storybird, Jobandtalent,, and OneBip, ClassPass, and StreetEasy. The stolen credentials include passwords, emails, usernames, IP addresses, location, etc. Currently, there is no evidence that banking details, social security numbers, and passport numbers are included in the data breach.

Similar to the leak reported last week, the information in the latest batch of stolen information consists of more than then separate hacks that have happened over the last few years. However, most of the affected entities have not yet publicly announced that their servers have been breached, nor they have forced their user database to change passwords.

However, there are a couple of exceptions – Houzz, the website and online community about architecture, interior design and decorating, landscape design and home improvement, acknowledged the breach. And we don’t blame them, nearly half of the records included in the stolen data compilation is of their user database. The second company that publically spoke about the breach is YouNow whose users add for approximately 40 million records out of the 127 million pool.

It is currently unknown how many times has the data been purchased and who are the buyers. It is also unknown what is the exact time those websites have been hacked. The identity, nationality, and location of the cybercriminal selling the information on the Dark Web are also not revealed yet.

Are you becoming ‘numb’ to mass data breaches?

News about data dumps and leaks of personal information are starting to feel like a part of our everyday life. However, you shouldn’t just agree with what is happening – you should react to it. Even though the consequences for some are not immediate, those data leaks may end up affecting all these millions of people whose details are being shared around on the internet, and you may be one of them.

Spammers, cybercriminals, and credential stuffers rely on the fact that everyday people will continue not to practice good password hygiene – i.e., they will continue to reuse the same passwords on different platforms and will not be protected by antivirus software. You have to bear in mind that those leaks very often take months and even years to be disclosed to the public. Hackers use this time to take advantage of the stolen information. So changing your password and being protected has never been more critical than it is right now. Take precaution before you become the next victim of a cybercrime.

Download your Antivirus