144 million records from new data breaches being sold online: What to do

(Epitome credit: Getty Images)

User information stolen in data breaches at 14 companies is being sold on the online black marketplace, and more than than 144 million users may be at risk.

According to Bleeping Estimator, an infamous information broker is at the heart of the operation. While the 14 databases differ in the types of information they hold, each contains usernames and hashed passwords, although non all the password hashes are probable to be cracked.

The best antivirus software to keep you and your devices safe
VPN: add together an extra layer of security with a virtual private network
But In: Hack a PS4, and Sony might pay you $l,000

The compromised databases originate from online food services, gaming websites, sports streaming services, fiscal services companies, dress retailers and a range of other companies.

The affected companies and services are Dark Throne, Efun, Fluke, Footters, HomeChef, JamesDelivery, KitchHike, KreditPlus, Minted, Playwings, Revelo, Tokopedia, Yotepresto and Zoosk, and the stolen data contains more than 144 meg records in total.

According to the stolen-data seller, all these breaches took place from Jan to June 2020. Of the xiv companies, Bleeping Reckoner reports, just HomeChef, Minted, Tokopedia and Zoosk have appear data breaches, but Bleeping Computer said the data it saw from the other companies looked "legitimate."

Sold to the highest applicant

The information broker told Bleeping Computer he was selling the contents of each database for prices ranging between $100 and $ane,100. The largest information stash holds 91 million records from Tokopedia, an Indonesian e-commerce company, while the smallest holds 115,000 records from Japanese food-and-travel site KitchHike.

The aforementioned data banker is also selling data stolen from companies that take been compromised in the past. They include the likes of Wirecard, ClickFunnels, Reverb Nation, ZyngaPoker, Star Tribune and Epic Games.

The KitchHike account passwords were protected with the very strong hashing algorithm Bcrypt, according to a screenshot posted by Bleeping Figurer. If so, the KitchHike passwords are probably safe, simply at that place's no guarantee that passwords that were part of the other databases would accept been too protected.

The KitchHike information also included usernames, electronic mail addresses, real names, geographic locations, social-media profiles and phone numbers, so there'south plenty for spammers and phishers to piece of work with even without cracking a password.

If you have an account with whatever of these breached websites and online services, you lot should change your business relationship countersign right away, and make certain the new countersign something potent and unique. Ane of the best password managers will exist of enormous help. Y'all should likewise contact the affected company for advice.

If your information is indeed among this stolen data, you lot may want to consider one of the best identity-theft protection services, which can help limit the impairment.

More: Stay anonymous without the spend with a cheap VPN

Nicholas Fearn is a freelance technology journalist and copywriter from the Welsh valleys. His work has appeared in publications such as the FT, the Independent, the Daily Telegraph, The Next Web, T3, Android Central, Calculator Weekly, and many others. He also happens to be a diehard Mariah Carey fan!