
Almost four million Quidd users have credentials exposed

15 Apr 2020

The credentials of almost four million users of the collectible-trading website Quidd have been discovered on a deep-web hacking forum, according to Risk Based Security (RBS).

A threat actor going by the name ‘ProTag’ originally posted the compromised data on March 12 this year, after which it was removed.

It was reposted by a different user, however, on March 29. Another threat actor responded to this post stating they had decrypted nearly a million password hashes, says RBS.

An RBS researcher confirmed the claim after affirming the credibility of the poster. RBS says the leaked data sets include email addresses, usernames, and bcrypt hashed passwords of 3,954,416 users.

RBS also revealed that the data leak contains email addresses belonging to many well-known organisations, including Microsoft, Accenture, Virgin Media, Target and AIG.

This development vastly increases the potential for attackers with access to this data to launch effective phishing campaigns.

ZDNet, a cybersecurity news site, says it has learned that the leaked data from Quidd has been ‘trading privately among high-level groups for months’, and that posts advertising the data have been circulating on various hacking forums and Pastebin since late last year.

The recent development represents the leak of the data into the public domain, which according to ZDNet occurred last month when a data trader posted a copy of the Quidd data on a publicly accessible hacker forum.

The data has since been spread countless times on many different forums, all but ensuring its proliferation across the internet.

Referring to RBS’s research indicating the passwords leaked were protected with a bcrypt hashing algorithm, ZDNet says this bodes well for victims of the breach as ‘reversing bcrypt-protected passwords into their plaintext format is considered incredibly difficult and a time and resource-consuming operation.’

ZDNet says that use of the bcrypt algorithm is also very likely the reason why the Quidd data has leaked on public hacking forums in the first place.

A data trader told ZDNet that bcrypt is not in high demand, as spam, malware, and online fraud groups are ordinarily more interested in data that contains cleartext passwords.

This is because accounts exposed with cleartext passwords are generally easier to breach and take over, which gives these groups the opportunity to launch their attack campaigns.

ZDNet has confirmed that hackers have now begun working on cracking the Quidd passwords, and that one individual is currently selling access to more than 135,000 cracked Quidd passwords. 

HackerOne technical program manager Prash Somaiya says the Quidd incident indicates a need for organisations to co-ordinate with the hacking community.

“Having a cybersecurity strategy that engages with the wider hacking or researcher community can provide that extra layer of protection,” says Somaiya.

“Having a Vulnerability Disclosure Policy – a clear channel through which security researchers can report any issues – means that researchers like these can flag any potential issues before they feel they have no choice but to report publicly through the media.

“Being aware of vulnerabilities before the cyber criminals is essential to protecting your valuable data, financial health and your company's reputation.”
