GnosticPlayers

GnosticPlayers is a computer hacking group, which is believed to have been formed in 2019 and gained notability for hacking Zynga, [1] [2] Canva, [3] [4] and several other online services. [5] [6]

The Independent reported that GnosticPlayers had claimed responsibility for hacking other online businesses, stealing hundreds of millions of credentials from web databases such as MyFitnessPal, Dubsmash, and fourteen others, and subsequently selling these credentials on the dark web. [7] [8]

Reported members

In 2020, cybersecurity author Vinny Troia published a report listing the following core group members: [9]

In 2019, Nassim Benhaddou, Gabriel Kimiaie-Asadi Bildstein, as well as Maxime Thalet-Fischer, were arrested after Gabriel confessed that they hacked Gatehub. [9] The hack reportedly involved the theft of $9.5 million worth of cryptocurrency. [11]

Companies affected

GnosticPlayers have taken public responsibility for the following data breaches: [9]

500px • 8fit • 8tracks • Animoto • Armor Games • Artsy • Avito • BlankMediaGames • Bookmate • Bukalapak • Canva • Chegg • CoffeeMeetsBagel • Coinmama • Coubic • DailyBooth • DataCamp • DubSmash • Edmodo • Epic Games • Evite • EyeEm • Fotolog • GameSalad • Gatehub • Ge.tt • GfyCat • HauteLook • Houzz • iCracked • Ixigo • Legendas.tv • LifeBear • LiveJournal • LovePlanet • mefeedia • MindJolt • MyFitnessPal • MyHeritage • MyVestigage • Netlog & Twoo • OMGPop • Onebip • Overblog • Petflow • PiZap • PromoFarma • RoadTrippers • Roll20 • ShareThis • Shein • Singlesnet • Solstice • Storenvy • StoryBird • StreetEasy • Stronghold Kingdoms • Taringa • Wanelo • WhitePages • Wirecard • Yanolja • Yatra • YouNow • Youthmanual • Zomato • Zynga

Related Research Articles

Evite is a social-planning website for creating, sending, and managing online invitations. The website offers digital invitations with RSVP tracking. It also offers greeting cards, announcements, E-Gift cards, and party planning ideas.

Linode was an American cloud hosting provider that focused on providing Linux-based virtual machines and cloud infrastructure.

Travis Doering is a Canadian systems analyst, writer and film producer.

The Lazarus Group is a hacker group made up of an unknown number of individuals, alleged to be run by the government of North Korea. While not much is known about the Lazarus Group, researchers have attributed many cyberattacks to them since 2010. Originally a criminal group, the group has now been designated as an advanced persistent threat due to its intended nature, threat, and the wide array of methods used when conducting an operation. Names given by cybersecurity organizations include Hidden Cobra and ZINC or Diamond Sleet. According to North Korean defector Kim Kuk-song, the unit is internally known in North Korea as 414 Liaison Office.

Dridex, also known as Bugat and Cridex, is a form of malware that specializes in stealing bank credentials via a system that utilizes macros from Microsoft Word.

Steemit is an American blockchain-based blogging and social media website. Users can gain a cryptocurrency, more specifically STEEM, for publishing and curating content. Users can also be rewarded with STEEM based on their comments. The company is owned by Steemit Inc., a privately held company based in New York City with a headquarters in Virginia. HIVE is the official cryptocurrency on the successful fork of the main Steem blockchain in 2020. In addition, this fork has many of the features of the main Steem blockchain, as well as a series of original ones, such as badges.

Credential stuffing is a type of cyberattack in which the attacker collects stolen account credentials, typically consisting of lists of usernames or email addresses and the corresponding passwords, and then uses the credentials to gain unauthorized access to user accounts on other systems through large-scale automated login requests directed against a web application. Unlike credential cracking, credential stuffing attacks do not attempt to use brute force or guess any passwords – the attacker simply automates the logins for a large number of previously discovered credential pairs using standard web automation tools such as Selenium, cURL, PhantomJS or tools designed specifically for these types of attacks, such as Sentry MBA, SNIPR, STORM, Blackbullet and Openbullet.

Bitcoin Gold (BTG) is a cryptocurrency which was created as a hard fork of bitcoin.

IOTA is an open-source distributed ledger and cryptocurrency designed for the Internet of things (IoT). It uses a directed acyclic graph to store transactions on its ledger, motivated by a potentially higher scalability over blockchain based distributed ledgers. IOTA does not use miners to validate transactions, instead, nodes that issue a new transaction on the network must approve two previous transactions. Transactions can therefore be issued without fees, facilitating microtransactions. The network currently achieves consensus through a coordinator node, operated by the IOTA Foundation. As the coordinator is a single point of failure, the network is currently centralized.

Bithumb is a South Korean cryptocurrency exchange. Founded in 2014, Bithumb Korea has 8 million registered users, 1 million mobile app users, and a cumulative transaction volume that has exceeded USD $1 trillion.

The Dark Overlord is an international hacker organization which garnered significant publicity through cybercrime extortion of high-profile targets and public demands for ransom to prevent the release of confidential or potentially embarrassing documents.

Collection #1 is a set of email addresses and passwords that appeared on the dark web around January 2019. The database contains over 773 million unique email addresses and 21 million unique passwords, resulting in more than 2.7 billion email/password pairs. The list, reviewed by computer security experts, contains exposed addresses and passwords from over 2000 previous data breaches as well as an estimated 140 million new email addresses and 10 million new passwords from previously unknown sources, and collectively makes it the largest data breach on the Internet.

Nulled is an online cracking forum. It was previously shut down on July 4th, 2024, but as of August 2024, the website is back up.

Dread is a Reddit-like dark web discussion forum featuring news and discussions around darknet markets. The site's administrators go by the alias of Paris and HugBunter.

Cable Haunt is the code name assigned to represent two separate vulnerabilities that affect many of the cable modems in use around the world in 2020. These vulnerabilities allow an attacker to obtain external access to a cable modem and perform any number of activities intended to modify the operation of, or monitor the data passing through a cable modem.

ShinyHunters is a black-hat criminal hacker group that is believed to have formed in 2020 and is said to have been involved in numerous data breaches. The stolen information is often sold on the dark web.

On November 13, 2021, a hacker named Conor Brian Fitzpatrick, going by his alias "Pompompurin", compromised the FBI's external email system, sending thousands of messages warning of a cyberattack by cybersecurity CEO Vinny Troia who was falsely suggested to have been identified as part of The Dark Overlord hacking group by the United States Department of Homeland Security.

Vincenzo "Vinny" Troia is an American cybersecurity researcher who is known for reporting on and identifying members of The Dark Overlord hacker group as well as hacker pompompurin, who was the owner-operator of the website BreachForums and was involved in the 2021 FBI email hacking.

References

  1. Ivanova, Irina (2 October 2019). "Zynga data breach exposed 200 million Words with Friends players". CBS News. Archived from the original on Feb 22, 2024.
  2. Hern, Alex (December 19, 2019). "170m passwords stolen in Zynga hack, monitor says". The Guardian. Archived from the original on Sep 13, 2023.
  3. Vaas, Lisa (May 28, 2019). "Millions of Canva users' data stolen as GnosticPlayers strikes again". Naked Security. Archived from the original on Jul 21, 2023.
  4. "Canva data breach: Why hacker Gnosticplayers boasted to the media". June 3, 2019.
  5. Cimpanu, Catalin. "A hacker has dumped nearly one billion user records over the past two months". ZDNet.
  6. "Times when 'Gnosticplayers' hacker made headlines for selling troves of stolen data on dark web". Cyware. September 30, 2019. Archived from the original on Mar 25, 2023.
  7. "Dark web data dump sees 620 million accounts from hacked websites go on sale". Independent.co.uk. 13 February 2019.
  8. "617 million hacked accounts put on sale on the dark web | Digit". www.digit.in. 13 February 2019.
  9. "The Dark Overlord Cyber Investigation Report" (PDF). Night Lion Security. Archived (PDF) from the original on Dec 11, 2023.
  10. "GnosticPlayers Part 1: An Overview of Hackers Nclay, DDB, and NSFW". Night Lion Security. 2019-12-30. Retrieved 2021-01-25.
  11. Cimpanu, Catalin. "Hackers steal $9.5 million from GateHub cryptocurrency wallets". ZDNet. Retrieved 2021-01-25.