Hacker breaches Data leak monitoring service of a cyber security firm in an act to get Revenge
According to ZDNet A hacker going by name nightlion claims to have breached data leak detection service of an U.S based Cyber Security firm and have stolen data which had more than 8200 databases containing the information of billions of users that leaked from other companies during past security breaches. The data and databases belonged to DataViper, a data leak monitoring service by Vinny Troia, the security expert behind Night Lion Security firm.
The hacker hosted an onion site over Tor Network where he claims that he has over 8200 databases and 463 downloadable JSON data which is available as an e-zine(electronic magzine). He also claims that he had been in the dataviper servers for almost three months while exfiltrating databases that Troia had indexed for the DataViper data leak monitoring service. The hacker also posted an archive as proof that for his claims. he has also posted some ads in Empire markets about selling the data.
In accordance to ZDNet
Most of the 8,200+ databases listed by the hacker were for “old breaches” that originated from intrusions that took place years before, and which had been known and leaked online already, in several locations.
However, there were also some new databases that ZDNet was not able to link to publicly disclosed security breaches.We have requested additional details from the hacker, and are still in the process of verifying their claims
Troia says “he had only access to test server”
In a phone talk with ZDNet, Troia admitted that DataViper had been breached but he states that the leaker only had access was an test server with nothing special in them. Troia says that most of the data had been public before in some cases the data has been obtained from communities which the leaker has been a part of. Troia belives that the leaker might be part of hacking groups like TheDarkOverlord, ShinyHunters, and GnosticPlayers.ZDNet says Troia also documented the activities of some of these groups in a book he published. The DataViper founder says today’s leak was timed to damage his reputation before a talk he’s scheduled to give on Wednesday at the SecureWorld security conference about some of the very same hackers, and their supposed real-world identities.
Troia full statement to ZDNet was
“When people think they are above the law, they get sloppy. So much so they forget to look at their own historical mistakes. I literally detailed an entire scenario in my book where I allowed them to gain access to my web server in order to get their IPs. They haven’t learned. All they had access to was a dev environment. Much like the grey Microsoft hack which they recently took credit for, all they had was some source code that turned out to be nothing special, but they hyped it anyway hoping to get people’s attention. These are the actions of scared little boys pushed up against a wall facing the loss of their freedom.”