Hacker Steals 127M User Records From Houzz, Ixigo


A hacker who stole around 620 million user records last year has struck again, this time taking another 127 million records from eight websites.

According to reports, the hacker gained access to 16 websites last year, stealing more than 151 million records from MyFitnessPal and 25 million records from Animoto, among others. Although financial information was not breached, the criminal was able to gain access to names, email addresses and scrambled passwords, and in some cases, other login and account data.

Now the same person has hit eight additional websites, including Ixigo, YouNow, Houzz, Gett, Coinmama, Roll20, Stronghold Kingdoms, and PetFlow. The hacker is now selling the data for about $14,500 in bitcoin.

Ariel Ainhoren, research team leader at Israeli security firm IntSights, said that the hacker may have used the same security flaw in both rounds of attacks. In fact, six of the 16 databases breached last year were running the same back-end PostgreSQL database software.

“We’re still analyzing it, but it could have been that he used some kind of vulnerability that surfaced around that time and wasn’t patched by these companies or a totally new unknown vulnerability,” he said. “As most of these sites were not known breaches, it seems we’re dealing here with a hacker that did the hacks by himself, and not just someone who obtained it from somewhere else and now just resold it.”

But Jonathan Katz, a contributor for PostgreSQL, said the project was “currently unaware of any patched or unpatched vulnerabilities that could have caused these breaches.”

“There are many factors that need to be taken into consideration when securing a database system that go beyond the database software. We have often found that data breaches into a PostgreSQL database involve an indirect attack vector, such as a flaw in an application accessing PostgreSQL or a suboptimal policy around data management,” he said. “When it comes to vulnerabilities, the PostgreSQL community has a dedicated security team that evaluates and fixes issues and, in the spirit of open source collaboration, transparently reports on and educates our users about them.”