617 Million Accounts Stolen: Logins from Toronto’s 500px, MyFitnessPal and More

Nearly 617 million accounts from 16 popular websites have been put up for sale by hackers on the Dark Web. The apparent seller of the data trove has also provided The Register with sample records from the multi-gigabyte collection, which consist mainly of account holder names, email addresses, and hashed passwords.

The account databases, which can be purchased from the Dream Market cyber-souk for less than $20,000 in Bitcoin, include logins from Toronto’s 500px online photography community, MyFitnessPal, Dubsmash, Whitepages, HauteLook, and more.

According to the hacker, the information was stolen during 2018 by cracking security vulnerabilities within web apps and by deploying remote-code execution to extract user account data.

“A spokesperson for MyHeritage confirmed samples from its now-for-sale database are real, and were taken from its servers in October 2017, a cyber-break-in it told the world about in 2018. 500px and EyeEm also confirmed their account data was stolen from their servers and put up for sale this week in the seller’s collection. This lends further credibility to the data trove.”

The following sites, in order of volume of details compromised, can be seen below:

• Dubsmash (162 million details)
• MyFitnessPal (151 million details)
• MyHeritage (92 million details)
• ShareThis (41 million details)
• HauteLook (28 million details)
• Animoto (25 million details)
• EyeEm (22 million details)
• 8fit (20 million details)
• Whitepages (18 million details)
• Fotolog (16 million details)
• 500px (15 million details)
• Armor Games (11 million details)
• BookMate (8 million details)
• CoffeeMeetsBagel (6 million details)
• Artsy (1 million details)
• DataCamp (700,000 details)

500px has already notified their users that the site was indeed hacked and that all account passwords will be reset.

“We are able to confirm a breach occurred. Our engineers immediately launched a comprehensive review of our systems and have since taken every precaution to secure them. All areas of vulnerability have been identified and fixed during our internal investigation, and we’ve found no evidence to date of any recurrence of the issue.”

The hacker is now claiming to already have secured one buyer with potentially more to come.