In a surprising case of a cybercriminal breaching the kind of platform that hackers themselves rely on, a hacker has leaked the database of a key provider of dark web hosting services, exposing personal data relating to users and owners of a number of darknet sites.
The provider involved is Daniel’s Hosting (DH), which is considered to be the largest of its kind. The leaked data is reported to have been stolen in early March 2020.
At the time, Daniel Winzen, a German tech guru who owned the service, reported that hackers had breached the backend of the hosting service and stolen sensitive data before deleting the entire collection of databases belonging to the platforms hosted by DH.
After the data breach, the DH owner closed the platform on March 26 and asked its users to transfer their sites to other dark web hosting services. The DH shutdown caused a major disruption in the internet underworld, with 7,600 sites, which make up a third of the dark web’s long list of platforms, going down.
Data Leaked Online – The Risks
In the latest report, a hacker who uses the online moniker KingNull posted a copy of the stolen DH database on a file-hosting website.
A rough analysis of the data dump reveals that the leaked database contains various types of sensitive data, including 3,671 email addresses, password details for 7,205 online accounts and 8,580 private keys for .onion portals.
According to the data breach monitoring service Under the Breach, the stolen database could have serious consequences for the people whose data it contains. The exposed information belongs to the operators and users of a long list of dark web sites. The threat intelligence firm maintained that the leaked data can easily be used to connect the real identities behind the email addresses to darknet domains.
Importantly, according to Under the Breach, authorities may access the data dump and use the stolen database to locate the real people who use the dark web to facilitate international criminal activities.
Furthermore, if the owners of the dark web sites follow Winzen’s advice and transfer their domains to new hosting providers, the mistake of retaining old credentials may cost them dearly: if the DH hashed passwords get cracked, threat actors may exploit the old passwords to take over the newly established accounts.
On the other hand, considering the positive uses of dark web applications, the attention of cybersecurity firms and police agencies may also unsettle people who use darknet sites to operate under the radar of oppressive regimes. Political domains will be put at great risk by the possibility of real user identities being uncovered, an outcome that could destroy lives and undermine freedom of expression and access to information.
Flashback – This Is Not the First Time
Looking back, the March 10 data breach was not the first: the DH hosting service had been breached before, sometime in November 2018.
The 2018 case led to the deletion of more than 6,500 dark web domains. At the time, the DH backend database had suffered a cyberattack.
Notably, Daniel’s Hosting achieved worldwide prominence after Anonymous hackers attacked a competing dark web hosting provider called Freedom Hosting II. At the time, the hacking group justified its actions as a fight against the platform for tolerating child abuse sites.
As a way forward following the recent events, Winzen told ZDNet that he is considering relaunching the platform in the near future, once a couple of important fixes have been made to the hosting service.