More than 226 million login credentials from 23,000 websites have been leaked, according to the Australian security researcher Troy Hunt. Of those websites, 155 have a domain name ending in .nl.
This makes it very likely that the login credentials of Dutch users have also been leaked. The breach falls just outside the top 10 largest (known) data breaches ever.
In all probability, the login credentials were not all stolen at once. Underground web forums have a lively trade in login databases. These are then combined into an ever-larger collection, which in turn is worth more and more money.
Hookers.nl
The source of the data is Cit0Day.in, a rogue service that sold hackers the usernames and passwords of specific people for a fee. The service has been offline since September, after which the data ended up on a Russian hacker forum, tech website ZDNet writes.
There are no very big names among the breached sites. They are mainly the sites of small businesses, hobby sites and forums. These often run ready-made software, and once a security hole is found in that software, it can be exploited on every site that uses it. In addition, operators of smaller sites have less time and money for their digital security than large tech companies.
Hookers.nl, a forum for visitors of prostitutes, is an example of this. 287,560 accounts from the site appear in the Cit0Day database, though the hack of that particular site already became known last year. At the time, the hacker told NOS that he had exploited an already known security hole in the forum’s software.
The sites of, among others, a florist in Dronten (1,497 login records) and the village of De Noord near Heerhugowaard (5,378 accounts) can also be found in the leak.
Recycled passwords
Most of the time, hackers are not interested in the accounts on those specific sites. Orchestrating a hack to order flowers in someone else’s name is not very lucrative. What they hope is that the stolen login credentials have also been reused on more important sites: think of email inboxes, work systems or data storage services such as Dropbox.
Digital security experts therefore recommend never reusing a password across multiple sites. Password managers are a useful tool for this. Losing control of a Hookers.nl account is annoying but manageable. It becomes far more unpleasant if a malicious hacker not only finds out that you have an account on a sex forum, but can also get into your Google Drive because it is protected by the same password.
If you are concerned, check Troy Hunt’s HaveIBeenPwned.com website to see whether your email address appears in a disclosed breach.