GnosticPlayers


GnosticPlayers is a computer hacking group, believed to have formed in 2019, which gained notability for hacking Zynga, [1] [2] Canva, [3] [4] and several other online services. [5] [6]


The Independent reported that GnosticPlayers had claimed responsibility for hacking other online businesses, stealing hundreds of millions of credentials from the web databases of MyFitnessPal, Dubsmash, and fourteen other services, and subsequently selling these credentials on the dark web. [7] [8]

Reported members

In 2020, cybersecurity author Vinny Troia published a report listing the following core group members: [9]

In 2019, Nassim Benhaddou, Gabriel Kimiaie-Asadi Bildstein, and Maxime Thalet-Fischer were arrested after Bildstein confessed that they had hacked Gatehub. [9] The hack reportedly involved the theft of $9.5 million worth of cryptocurrency. [11]

Companies affected

GnosticPlayers have taken public responsibility for the following data breaches: [9]

500px • 8fit • 8tracks • Animoto • Armor Games • Artsy • Avito • BlankMediaGames • Bookmate • Bukalapak • Canva • Chegg • CoffeeMeetsBagel • Coinmama • Coubic • DailyBooth • DataCamp • DubSmash • Edmodo • Epic Games • Evite • EyeEm • Fotolog • GameSalad • Gatehub • Ge.tt • GfyCat • HauteLook • Houzz • iCracked • Ixigo • Legendas.tv • LifeBear • Live Journal • LovePlanet • mefeedia • MindJolt • MyFitnessPal • MyHeritage • MyVestigage • Netlog & Twoo • OMGPop • Onebip • Overblog • Petflow • PiZap • PromoFarma • RoadTrippers • Roll20 • ShareThis • Shein • Singlesnet • Solstice • Storenvy • StoryBird • StreetEasy • Stronghold Kingdoms • Taringa • Wanelo • WhitePages • Wirecard • Yanolja • Yatra • YouNow • Youthmanual • Zomato • Zynga

A report published by security research firm Night Lion Security states that the core members of GnosticPlayers (who are also connected with the groups The Dark Overlord and ShinyHunters) were involved in 25% of non-credit-card-related data breaches between January 1, 2017 and June 30, 2020. [9]


References

  1. Ivanova, Irina (2 October 2019). "Zynga data breach exposed 200 million Words with Friends players". CBS News. Archived from the original on Feb 22, 2024.
  2. Hern, Alex (December 19, 2019). "170m passwords stolen in Zynga hack, monitor says". The Guardian. Archived from the original on Sep 13, 2023.
  3. Vaas, Lisa (May 28, 2019). "Millions of Canva users' data stolen as GnosticPlayers strikes again". Naked Security. Archived from the original on Jul 21, 2023.
  4. "Canva data breach: Why hacker Gnosticplayers boasted to the media". June 3, 2019.
  5. Cimpanu, Catalin. "A hacker has dumped nearly one billion user records over the past two months". ZDNet.
  6. "Times when 'Gnosticplayers' hacker made headlines for selling troves of stolen data on dark web". Cyware. September 30, 2019. Archived from the original on Mar 25, 2023.
  7. "Dark web data dump sees 620 million accounts from hacked websites go on sale". Independent.co.uk. 13 February 2019.
  8. "617 million hacked accounts put on sale on the dark web | Digit". www.digit.in. 13 February 2019.
  9. "The Dark Overlord Cyber Investigation Report" (PDF). Night Lion Security. Archived (PDF) from the original on Dec 11, 2023.
  10. "GnosticPlayers Part 1: An Overview of Hackers Nclay, DDB, and NSFW". Night Lion Security. 2019-12-30. Retrieved 2021-01-25.
  11. Cimpanu, Catalin. "Hackers steal $9.5 million from GateHub cryptocurrency wallets". ZDNet. Retrieved 2021-01-25.