fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Hacker leaks database of dark web hosting provider

Hacker leaks database of dark web hosting provider

Leaked data contains email addresses, site admin passwords, and .onion domain private keys.

By Catalin Cimpanu for Zero Day | May 31, 2020 — 10:43 GMT (18:43 GMT+08:00) | Topic: Security

DH leaked
Image: ZDNet (provided)

A hacker has leaked online today the database of Daniel’s Hosting (DH), the largest free web hosting provider for dark web services.

The leaked data was obtained after the hacker breached DH earlier this year, on March 10, 2020. At the time, DH owner Daniel Winzen told ZDNet the hacker breached his portal, stole its database, and then wiped all servers.

On March 26, two weeks after the breach, DH shut down its service for good, urging users to move their sites to new dark web hosting providers. Around 7,600 websites — a third of all dark web portals — went down following DH’s shutdown.

SENSITIVE DATA LEAKED ONLINE

Today, a hacker going by the name of KingNull uploaded a copy of DH’s stolen database on a file-hosting portal, and notified ZDNet, since we broke the news about the DH hack in March.

According to a cursory analysis of today’s data dump, the leaked data includes 3,671 email addresses, 7,205 account passwords, and 8,580 private keys for .onion (dark web) domains.

dh-sample.png
Image: ZDNet

“The leaked database contains sensitive information on the owners and users of several thousand darknet domains,” threat intelligence firm Under the Breach told ZDNet today after we asked the company to analyze the leak.

Under the Breach said the leaked data can be used to tie the owners of leaked email addresses to certain dark web portals.

“This information could substantially help law enforcement track the individuals running or taking part in illegal activities on these darknet sites,” Under the Breach told ZDNet.

Furthermore, if the site owners moved their dark web portals to new hosting providers but continued to use the old password, hackers could also take over their new accounts — if they crack the leaked DH hashed passwords.

However, while threat intelligence firms and law enforcement may comb the database in search of clues of users who hosted cybercrime-related sites, the leaked data may also put the owners of dissident and political sites at risk of having their identities exposed by oppressive regimes, which could have dire consequences if those users did not take necessary steps to protect their identities.

IP addresses, which could have helped law enforcement in some investigations, were not included in the dumped data.

SECOND TIME DH WAS HACKED

The March 2020 hack was the second time that DH suffered a security breach. The site had been previously hacked in November 2018 when an intruder similarly breached the site’s backend database server and deleted all sites. More than 6,500 were wiped at the time, but no data was ever leaked.

However, DH is not the only major dark web hosting provider to have been hacked. In 2017, the same Anonymous hacker collective took down Freedom Hosting II after they discovered that the hosting provider was sheltering child abuse portals.

KingNull, who also claimed to be part of the Anonymous hacker collective, did not return an email seeking additional comment.

Following the March 2020 hack, Winzen told ZDNet that he still plans to relaunch the service in several months, but only after several improvements, and that this was not a priority.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us