The AlphaBay Dark Web marketplace has been breached as a result of a vulnerability, a researcher was able to harvest over 200 000 private messages from its system.
AlphaBay Underground Hacker Marketplace Messages Harvested
A computer security researcher had reported the existence of a critical vulnerability in the AlphaBay market. This is one of the largest underground hacker markets which is accessible via the Dark Web. He was able to harvest over 200 000 private messages which have been exchanged between the users of the community.
He initiated several warnings to the AlphaBay administrators about a security vulnerability in their network. When it was ignored, he demonstrated his findings on Reddit. The expert claimed that he has created a specialist bot that helped him collect all of the harvested messages. After the problem was disclosed publicly the AlphaBay market patched the issue and paid the user an undisclosed sum. According to the marketplace itself all private messages that are obtained in a period that spanned over 30 days are automatically purged from the system. In addition to private messages the attack also obtained other valuable assets – user IDs and usernames. However any passwords, BTC addresses or orders were not part of the data sets.
AlphaBay is one of the largest underground markets at this time. It has been used to trade stolen information, payment card data and other illegal goods and services. During the years of its operation there have been several law enforcement actions. One of the vendors has even ended up in prison for selling private information.
The disclosed message was posted on Reddit by a user called Cipher0007:
hi to all i have opened ticket to warn support of alphabay regarding 2 high-risk bugs without response, now i have dumped all private messages of buyers and sellers over 200k with high risk with information of first/last name and addresses of users and track id of packs sent from sellers, and all users (id, nickname) over 1 million and 130k of this market with this bugs, all your messages are available to everyone, please, guys, be careful, OK?
The Cipher0007 user recommends that everyone should use the PGP system for safer communication.