The attacker put up for sale a database of accounts containing a total of 34 million user accounts that were stolen from 17 companies in a hack.
The seller told BleepingComputer that he is not responsible for hacking companies and only acts as a broker. The seller also declined to reveal who was behind the data theft.
All seventeen of the databases for sale were stolen in 2020, the largest of which is owned by Geekie and contains 8.1 million records.
BleepingComputer contacted all affected companies, but only RedMart confirmed the breach, and Wongnai.com reported an investigation is currently underway.
According to the seller, the following information is offered for sale:
Redmart.lazada.sg (1.1 million): Emails, SHA1 hashed passwords, postal and billing addresses, full name, phone numbers, partial credit card numbers and expiration dates;
Everything5pounds.com (2.9 million): Email, hashed passwords, name, gender, phone number
Geekie.com.br (8.1 million): emails, bcrypt-sha256 / sha512 hashed passwords, login, name, gender, mobile phone number, Brazilian identification number (CPF);
Cermati.com (2.9 million): Email, bcrypt password, name, address, phone, income, bank, tax number, ID number, gender, job, company, mother's maiden name;
Clip.mx (4.7 million): email, phone;
Katapult.com (2.2 million): email, password pbkdf2-sha256, login;
Eatigo.com (2.8 ln): email, md5 password, name, phone, gender, Facebook ID and token;
Wongnai.com (4.3 million): Email, md5 password, IP, Facebook and Twitter ID, name, date of birth, phone, zip code;
Toddycafe.com (129 thousand): email, password, name, phone, address;
Game24h.vn (779 thousand): email, md5 password, login, date of birth, name;
Wedmegood.com (1.3 million): Email, password sha512, phone, Facebook ID
W3layouts.com (789 thousand): - email, bcrypt password, IP, country, city, state, phone, name;
Apps-builder.com (386k): email, md5crypt password, IP, name, country;
Invideo.io (571k): email, bcrypt password, name, phone;
Coupontools.com (1 million): email, bcrypt password, name, phone, gender, date of birth;
Athletico.com.br (162k): email, md5 password, name, cpf, date of birth;
Fantasycruncher.com (227 thousand): email, bcrypt / sha1 password, login, IP.