Posted on

Dark Web Hackers Sell Data Of 130 Million Consumers For 8 Bitcoin (BTC)

One of the largest data leaks in China’s history has potentially just occurred, with a hacker or group of hackers recently revealing that he/she/they had garnered sensitive data from over 130 million individuals.

As per a report from The Next Web’s Hard Fork column, the hacker recently made a move to sell the aforementioned data for 8 Bitcoin ($56,000) on a China-based dark web portal. According to a post made by the seller, the data was gathered from a security breach of the Huazhu Hotels Group, which is one of China’s most influential local hotel chains, with over 10 individual brands that span across 3,800 hotels in over 380 mainland cities.

Huazhu brandsImage Courtesy of BleepingComputer.com

Per a report from the Bleeping Computer, the data, which amasses to a reported 141.5 gigabytes in size, is believed to contain 240 million individual records from 130 million guests that have stayed at any number of Huazhu’s establishments in the past. The speculated details of the data leaked are as follows:

Official website registration information (ID card number, mobile phone number, email address, login password); check-in registration information (customer name, ID card number, home address, birthday), and booking information (name, card number, mobile phone number, check-in time, departure time, hotel ID number, room number)

Zibao, a China-based cybersecurity group, speculated that the data was likely leaked when Huazhu programmers or developers uploaded some segments of their firm’s database to Github earlier this month. Since finding out about the hack, the hotel chain has acknowledged this unfortunate occurrence, revealing that some progress has been made in a company-run investigation, but did not give any specifics regarding the case.

Along with facilitating an internal investigation, Huazhu has also sought the help of the Shanghai police, who have come out in solidarity with the accommodation giant in an apparent show of force. A police release noted:

Those who commit illegal acts including theft, trading and exchange of residents’ personal data will be heavily punished. We are resolute in protecting people’s interest and ensuring information security.

While the data leaked may not hold too much value (Ex. lack of credit card info, passport information etc.), it is apparent that local authorities are doing their best to crack down on this illegal occurrence. Following the release of this announcement, the US-listed shares of Huazhu, dubbed China Lodging Group by some, fell by upwards of 4%, but have since recovered.

As China has been cracking down heavily on the crypto industry, the use of VPNs and similar privacy features may become the only way for users to transact, trade, and discuss crypto assets soon enough.

Photo by Markus Spiske on Unsplash
Girl in a jacket

loading…

Posted on

EOS Announces Solution to Counter-Reply any RAM-Steal Attacker: EOS/USD Breaks $5.00

The fifth largest coin by market capitalization is welcoming much gain after the roller-coaster pathway that the cryptocurrencies experienced the last days. Only behind MIOTA’s strong 15.00% increase in the last 24-hours, EOS has jumped upwards for 4.71% reaching above the major $5.00.

EOS Trading

Source: coinmarketcap

On the upside, a close above the $5.25 level and the 61.8% Fib retracement level of the last decline from the $5.65 high to $4.53 low is likely to push the price further higher. The next major resistance is near the $5.50 level, above which, the price may well test the last swing high at $5.65.

EOS Update

Experiencing various cases and knowing that the network is open for RAM exploit issue attacks, the team behind EOS commenced a solution to prevent it. By implementing lines of code, users that are targeting to reach this were able to steal RAM by installing worth noting amount of garbage into rows that are inserted in the name of the second account which is sending to the original account tokens.

It has been announced by the team that the solution to deviate the exploit works by sending the coins to a proxy which starting-off has no RAM available. This includes the first word of a memo which is the account that you want to complete the transfer.

EOS has retained its top spot in the latest ranking of public blockchain projects released by the Chinese government. This latest ranking is the fourth since the index debuted at the end of May 2018.

For the third month in a row, EOS has maintained its number one spot atop the ranking. The delegated proof-of-stake (DPoS) blockchain project edged out Ethereum after the first rankings were released to gain the top spot since June 2018. Apart from topping the charts, EOS also occupied the top place in Technology index.

EOS Future

Girl in a jacket

loading…

Get real time updates directly on you device, subscribe now.

Posted on

Over $1 Million Stolen Fund: ICO Influencer Ian Balina Revealing Identities Of Hackers

Respected cryptocurrency influencer, investor and YouTuber, Ian Balina, whose nothing less than $1 Million fund was stolen in a wallet has come out on Twitter to throw light into the April hack which many pointed was cooked by him to evade tax.

Ethereum World News had earlier reported that Ian Balina claimed the fund was carted away by unknown hackers, who, according to Balina, requested he change his college email after receiving notification that it was compromised. In the email, it appeared the hacker got access to Balina’s Evernote account where he kept the text versions of his private keys as encrypted text files with passwords.

The ICO pundit has said he was unperturbed, but will do everything within the confine of the security to see that the perpetrators are brought to book.

In a fresh indication, which twiterrati noted is a major step towards identifying the hackers, Balina first said the hackers work under a group by the name “Lizard Squad”, before pointing that hackers “Veri and Doc” are majorly on security operative’s radial.

“We believe it was a hacker group going by the name “Lizard Squad.” They’ve been behind numerous attacks on other people and companies in the crypto space. We’ve received intel the same hackers are responsible for hacking Bithumb exchange.”

“Correction, not Lizard squad. Independent hackers that are rivals. Hackers by the names veri & doc are persons of interest. Others helping launder money.”

He said the hackers have access to AT&T tools and phone carrier employees on payroll, which they are using to get pins to phone number accounts.

“Numerous people in investor networks are now getting hacked by them via phone/SIM swaps. They’re paying employees at phone carriers like @ATT, @TMobile, etc. for employee login info via the dark web.”

Earlier, Balina in a conversation with Gizmodo made known that the hackers have been identified.

“I’ll be ready to talk when the criminal has been arrested. We have identified who did it and this is a lot bigger than me. Other big names in crypto have been hacked by this criminal. Currently working with FBI, that’s all that I can say. The allegations that I would pull a stunt like this publicly for tax evasion is completely ludicrous. Any attempts to write anything regarding those lies will be met with legal action.”

While assuring crypto lovers that the hackers are going to be apprehended, he said International law enforcement is actively monitoring every single move they make, and will make sure they are fished out in no time.

loading…

Posted on

Verge Suffers Another Blow From Hackers

The integrity and reliability of Verge Currency has once again been questioned, following a massive blow that the blockchain suffered from hackers which is not the first of its kind.

A currency which taunts itself as being a “secure and anonymous”, telling people that “privacy has a choice” yesterday fell into the bait of hackers, where a malicious miner took over 51% of the network’s Hashrate.

The Wednesday April 4, attack was made known on a Bitcointalk forum, by a regular poster ocminer who stated that about 250,000 verge was carted away.

The attack, according to the forum was made possible due to the availability of some bugs in the altcoin’s code, giving the hackers the possibility to mine new blocks with a spoofed timestamp using the same algorithm.

“Usually to successfully mine XVG blocks, every “next” block must be of a different algo.. so for example scrypt,then x17, then lyra etc”.
“Due to several bugs in the XVG code, you can exploit this feature by mining blocks with a spoofed timestamp. When you submit a mined block (as a malicious miner or pool) you simply set a false timestamp to this block one hour ago and XVG will then “think” the last block mined on that algo was one hour ago.. Your next block, the subsequent block will then have the correct time.. And since it’s already an hour ago (at least that is what the network thinks) it will allow this block to be added to the main chain as well”, the forum post reads.

The attack went on for about 3 hours until Verge’s lead developer, Justin successfully proffered solution to the problem temporally after a second attempt with an emergency commit post. However, by that time, hundreds of blocks has been established by the hacker and it was irreversible.

In a bid to down play the attack, verge, on its twitter account posted:

Source: Twitter.

In a bid to compound the altcoin’s problem, the supposed hacker in a post said, “hey Verge Team, get some real developers and fix your code.
We have found another 2 exploits which can make quick hashes as well.”

Narrating an experience of the event, a Verge holder explained:

“I visited some hours ago the official Verge Twitter profile to read the news about the hash hack. While reading the tweet I noticed several messages offering a compensation for the attack by Verge”.

“Send x Eth and you get some bonus back. Sounded legit to me as it was affilated to the hash attack and I suffered from it as well having had some hours only orphaned blocks on all my baikals, hence I fall victim to this damn scam on the official twitter page”.

In another post, a user lodged a complaint stating: “based on what I see from the dev postings here it’s apparent that if ocminer had never brought this to everyone’s attention, the XVG team would have never admitted to or disclosed what happened. Trying to downplay and being flippant about the severity here is just pissing on the XVG faithful.”

It can also be recalled that last month, Verges Twitter account was also taken over by hackers where users were asked for coin.

Musing over the all the occurrence of heist, the developer is preparing a hard fork for the altcoin.