Quidd, an online marketplace where stickers, cards, toys and other collectibles are sold, was breached in 2019, resulting in the data of about 4 million users being leaked on hacking forums. The data includes the names of Quidd users, e-mail addresses and passwords from the hacked accounts. Behind the leak is a hacker known as ProTag.
In the cybercrime space there are different groups and entities, each of which plays a different role. There are, for example, hackers who commit substantial security breaches, and there are also data traders, that is, people who sell stolen data. Two different sources told ZDNet that a hacker known as ProTag appears to be behind the breach and was the first to leak the Quidd data, putting it up for sale. In addition, ZDNet learned from a data trader that Quidd's information had been on sale for months, with ads for it published on hacking forums and on Pastebin since approximately October and December 2019, respectively. But while that data has been the subject of private negotiations for months, Quidd's user information has now leaked publicly. This happened last month, when a data trader posted a copy of Quidd's data to a public hacking forum. Since then, the data has been shared and republished among other members of the hacking community.
Quidd has not disclosed any recent security incidents, so it is not clear whether the company is aware of the breach. ZDNet contacted the company about the case and has not received a response so far. Having obtained copies of the leaked data, ZDNet also contacted some users to confirm that their details were correct.
Risk-Based Security, which first reported Quidd's breach last week, also said that after an initial test the data appears to be valid. The only positive thing about the leaked data is that the passwords were not stored in plain text but were secured with the bcrypt algorithm. Recovering the original passwords from their hashed form is considered extremely difficult and requires time and resources. Ironically, the use of the bcrypt algorithm may be the reason why Quidd's data has leaked to public hacking forums. The data trader pointed out that spam, malware and cyberbullying groups are interested in stolen data containing cleartext passwords, as it is easier to take control of those accounts and run the corresponding spam, malware and fraud campaigns.
Currently, many hackers are trying to "crack" Quidd passwords. One person is selling access to more than 135,000 hidden Quidd passwords, while Risk-Based Security reports identifying another person who claims to provide access to more than 1 million compromised Quidd accounts. Quidd users are therefore advised to change their passwords as soon as possible.