More than 226 million login details from 23,000 websites have been leaked online, according to the Australian security researcher Troy Hunt. 155 of the websites have a domain name ending in .nl.
This makes it very likely that the login details of Dutch users have also been leaked. The breach falls just outside the top 10 largest (known) data breaches ever.
In all probability, the login details were not all stolen at once. Underground web forums have a lively trade in login databases. These are then combined into an ever-larger collection, which is also worth more and more money.
Hookers.nl
The source of the data is Cit0Day.in, a rogue service that provided hackers with usernames and passwords of specific people for a fee. The service has been offline since September, after which the data ended up on a Russian hacker forum, writes tech website ZDNet.
There are no very big names among the cracked sites. They are mainly sites of small entrepreneurs, hobby sites and forums. They often use ready-made software. When a security hole is found in that software, it can be exploited on every site that uses it. In addition, administrators of smaller sites have less time and money for their digital security than large tech companies.
Hookers.nl, a forum for visitors of prostitutes, is an example of this. 287,560 accounts from the site are in the Cit0Day database, but the hack of that particular site was already made public last year. At the time, the hacker told NOS that he had exploited an already known security hole in the forum’s software.
The sites of, among others, a florist in Dronten (1497 logins) and the village of De Noord near Heerhugowaard (5378 accounts) can also be found in the leak.
Recycled passwords
Most of the time, hackers are not interested in the accounts of those specific sites. Orchestrating a hack to order flowers in someone else’s name is not very lucrative. However, they hope that the cracked login data will also be reused on more important sites. Think of e-mail inboxes, work systems or data storage services such as Dropbox.
Digital security experts therefore recommend never reusing passwords for multiple sites. Password managers are a useful tool for this. Losing access to Hookers.nl is annoying, but manageable. It becomes more unpleasant if a malicious hacker not only finds out that you are on a sex forum, but can also link the content of your Google Drive to it because it contains the same password.
If you’re concerned, check Troy Hunt’s website HaveIBeenPwned.com to see whether your email address appears in a disclosed hack.
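Two checks that follow from the advice above, as an added example (not code from the article or from Troy Hunt's service): grouping a credential set by password to spot reuse across sites, and looking a password up in the Pwned Passwords corpus by its SHA-1 prefix, so that only the first five hex characters ever leave the machine. The range response here is a constructed sample served by a stand-in `fetch_range`; the real endpoint is `https://api.pwnedpasswords.com/range/<prefix>`.

```python
import hashlib
from collections import defaultdict

# Constructed sample of what the Pwned Passwords "range" endpoint returns for
# the SHA-1 prefix 5BAA6: each line is "<35-hex-char suffix>:<count>". Only the
# 5-character prefix is sent to the service, which answers with every suffix it
# knows for that prefix, so it never learns which full hash was being checked.
SAMPLE_RANGES = {
    "5BAA6": "\n".join([
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471",  # SHA-1 of "password"
        "0123456789ABCDEF0123456789ABCDEF012:7",        # constructed filler line
    ]),
}


def split_sha1(password: str) -> tuple[str, str]:
    """Uppercase SHA-1 hex digest split into (5-char prefix, 35-char suffix)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def fetch_range(prefix: str) -> str:
    """Stand-in for the HTTP call; serves the constructed sample, not the network."""
    return SAMPLE_RANGES.get(prefix, "")


def breach_count(password: str, fetch=fetch_range) -> int:
    """How often the password occurs in the breach corpus (0 = never seen)."""
    prefix, suffix = split_sha1(password)
    for line in fetch(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def reused_passwords(credentials: dict[str, str]) -> dict[str, list[str]]:
    """Group sites that share a password; any group of two or more is a reuse risk."""
    by_hash = defaultdict(list)
    for site, pw in credentials.items():
        by_hash[hashlib.sha1(pw.encode("utf-8")).hexdigest()].append(site)
    return {h: sorted(sites) for h, sites in by_hash.items() if len(sites) > 1}


if __name__ == "__main__":
    # Constructed credential set: a forum password that is also the mail password.
    vault = {"forum.example": "password", "mail.example": "password", "drive.example": "Vx7#kq2L"}
    for sites in reused_passwords(vault).values():
        print("same password used on", sites)
    print("'password' seen", breach_count("password"), "times")
```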