AlphaBay Market is quite possibly the largest marketplace on the Dark Web as of today. It is essentially a darknet website, but it is as prone to hacker attacks as the sources from where hacked information is often sold on the platform.
In April, 2016, the site’s APIs were hit, and 13,000 messages were stolen. This time a hacker has hit again. This time, the hacker got paid for exposing two high-risk bugs that allowed him to “steal” over 218,000 messages after compromising the marketplace’s internal mailing system.
Cipher0007, the hacker in question, was paid to share his methods for the two hacks. The first involved hijacking personal messages sent within the past 30 days; the second involved getting the full list of usernames and user IDs.
The bugs were patched shortly after the reveal, and the admins assured the community that the breach was only attempted by one hacker.
The marketplace itself can only be accessed within the Tor Browser, since it’s part of the Dark Web that major search engines can’t access. Had the bugs been exploited by law enforcement officials, it could have compromised the real identities of people conducting illegal activities on AlphaBay Market, such as drug dealers.
A lot of the data within the community is freely shared, which is obvious from some of the messages that were hacked. AlphaBay urged its community members to encrypt all their sensitive data, shortly after the hack and subsequent fix was revealed. The use of a PGP key was advised as well.
PGP, or Pretty Good Privacy, was the company that wrote the namesake code, which allows easy implementation of public-key cryptography to send secure messages in bulletin boards, via email and so on. PGP became a part of security major Symantec in 2010.
This is the second publicly known breach on AlphaBay Market, and it looks like a lot of people’s asses were saved because the law didn’t get its hands on the vulnerabilities before the hacker did. Fortunately, he took the bugs to the admin team, which ended in him getting paid to expose them.
No information was released about how much they actually paid Cyber0007 for information, but some of the largest bug bounty programs in the recent past have netted white hat security researchers millions of dollars. They continue to be a lucrative source of income for some of the best minds in the field of cybersecurity, but sites like AlphaBay Market, where they can sell compromised data, can sometimes offer even juicier deals that are too good to resist.
Thanks for reading our work! Please bookmark 1redDrop.com to keep tabs on the hottest, most happening tech and business news from around the world. On Apple News, please favorite the 1redDrop channel to get us in your news feed.
