GnosticPlayers

GnosticPlayers is a computer hacking group, which is believed to have been formed in 2019 and gained notability for hacking Zynga, [1] [2] Canva, [3] [4] and several other online services. [5] [6]

The Independent reported that GnosticPlayers had claimed responsibility for hacking other online businesses, and stealing hundreds of millions of credentials from web databases such as MyFitnessPal, Dubsmash, and fourteen others; and subsequently selling these credentials on the dark web. [7] [8]

Reported members

In 2020, cybersecurity author Vinny Troia published a report listing the following core group members: [9]

In 2019, Nassim Benhaddou, Gabriel Kimiaie-Asadi Bildstein, as well as Maxime Tallet, were arrested after Gabriel confessed that they hacked Gatehub. [11] The hack reportedly involved the theft of $9.5 million worth of cryptocurrency. [12]

Companies affected

GnosticPlayers have taken public responsibility for the following data breaches: [13]

500px • 8fit • 8tracks • Animoto • Armor Games • Artsy • Avito • BlankMediaGames • Bookmate • Bukalapak • Canva • Chegg • CoffeeMeetsBagel • Coinmama • Coubic • DailyBooth • DataCamp • DubSmash • Edmodo • Epic Games • Evite • EyeEm • Fotolog • GameSalad • Gatehub • Ge.tt • GfyCat • HauteLook • Houzz • iCracked • Ixigo • Legendas.tv • LifeBear • Live Journal • LovePlanet • mefeedia • MindJolt • MyFitnessPal • MyHeritage • MyVestigage • Netlog & Twoo • OMGPop • Onebip • Overblog • Petflow • PiZap • PromoFarma • RoadTrippers • Roll20 • ShareThis • Shein • Singlesnet • Storenvy • StoryBird • StreetEasy • Stronghold Kingdoms • Taringa • Wanelo • WhitePages • Wirecard • Yanolja • Yatra • YouNow • Youthmanual • Zomato • Zynga

A report published by security research firm Night Lion Security states that the core members of GnosticPlayers (who are also connected with groups The Dark Overlord and Shiny Hunters) have been involved in 25% of non-credit card related data breaches between January 1, 2017 and June 30, 2020. [14]

Related Research Articles

CCleaner: Suite of utilities for cleaning disk and operating system environment

CCleaner, developed by Piriform Software, is a utility used to clean potentially unwanted files and invalid Windows Registry entries from a computer. It is one of the longest-established system cleaners, first launched in 2004. It was originally developed for Microsoft Windows only, but in 2012, a macOS version was released. An Android version was released in 2014.

A data breach is a security violation, in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen, altered or used by an individual unauthorized to do so. Other terms are unintentional information disclosure, data leak, information leakage and data spill. Incidents range from concerted attacks by individuals who hack for personal gain or malice, organized crime, political activists or national governments, to poorly configured system security or careless disposal of used computer equipment or data storage media. Leaked information can range from matters compromising national security, to information on actions which a government or official considers embarrassing and wants to conceal. A deliberate data breach by a person privy to the information, typically for political purposes, is more often described as a "leak".

Zynga: American social game developer

Zynga Inc. is an American developer running social video game services. It was founded in April 2007, with headquarters in San Mateo, California. The company primarily focuses on mobile and social networking platforms. Zynga states its mission as "connecting the world through games".

Zynga Poker is a social game developed by Zynga as an application for the social-networking website Facebook as well as Android, iPhone, Windows Phone, Windows, MySpace, Tagged, and Google+. It was launched in July 2007.

TheRealDeal was a darknet website and a part of the cyber-arms industry reported to be selling code and zero-day software exploits.

Credential stuffing is a type of cyberattack in which the attacker collects stolen account credentials, typically consisting of lists of usernames or email addresses and the corresponding passwords, and then uses the credentials to gain unauthorized access to user accounts on other systems through large-scale automated login requests directed against a web application. Unlike credential cracking, credential stuffing attacks do not attempt to use brute force or guess any passwords – the attacker simply automates the logins for a large number of previously discovered credential pairs using standard web automation tools such as Selenium, cURL, PhantomJS or tools designed specifically for these types of attacks, such as Sentry MBA, SNIPR, STORM, Blackbullet and Openbullet.

The Internet service company Yahoo! was subjected to the largest data breach on record. Two major data breaches of user account data to hackers were revealed during the second half of 2016. The first announced breach, reported in September 2016, had occurred sometime in late 2014, and affected over 500 million Yahoo! user accounts. A separate data breach, occurring earlier around August 2013, was reported in December 2016. Initially believed to have affected over 1 billion user accounts, Yahoo! later affirmed in October 2017 that all 3 billion of its user accounts were impacted. Both breaches are considered the largest discovered in the history of the Internet. Specific details of material taken include names, email addresses, telephone numbers, encrypted or unencrypted security questions and answers, dates of birth, and hashed passwords. Further, Yahoo! reported that the late 2014 breach likely used manufactured web cookies to falsify login credentials, allowing hackers to gain access to any account without a password.

Ghost Squad Hackers, also known by the abbreviation "GSH", is a politically motivated hacktivist team responsible for conducting cyber attacks on central banks, Fox News and CNN, leaking sensitive data of the United States Armed Forces, leaking sensitive data of the Israeli government, hijacking Afghanistan's Chief Executive's Twitter account, and much more. The group is led by its de facto leader, known as s1ege. The group's prime intent and focus is anti-governmental and anti-organization cyber protest tied to current media speculation and real-life events from 2021 to the present. They are also part of the hacktivist group Anonymous.

A web shell is a shell-like interface that enables a web server to be remotely accessed, often for the purposes of cyberattacks. A web shell is unique in that a web browser is used to interact with it.

The Dark Overlord is an international hacker organization which garnered significant publicity through cybercrime extortion of high-profile targets and public demands for ransom to prevent the release of confidential or potentially embarrassing documents.

Collection #1 is the name of a set of email addresses and passwords that appeared on the dark web around January 2019. The database contains over 773 million unique email addresses and 21 million unique passwords, resulting in more than 2.7 billion email/password pairs. The list, reviewed by computer security experts, contains exposed addresses and passwords from over 2000 previous data breaches as well as an estimated 140 million new email addresses and 10 million new passwords from previously unknown sources, and collectively makes it the largest data breach on the Internet.

Town of Salem: 2014 video game

Town of Salem is an online multiplayer game with social deduction and strategy elements. It was developed and published by indie game developer BlankMediaGames, and released on December 15, 2014. Early alpha and beta versions were browser-based and free-to-play. On October 14, 2018, the game was released for iOS and Android mobile devices after a successful and long-supported Kickstarter fundraiser.

Nulled is an online cracking forum.

Data breach incidences in India were the second highest globally in 2018, according to a report by digital security firm Gemalto. With over 690 million internet subscribers and growing, India has increasingly seen a rise in data breaches both in the private and public sector. This is a list of some of the biggest data breaches in the country.

ShinyHunters is a criminal black-hat hacker group that is believed to have formed in 2020 and is said to have been involved in numerous data breaches. The stolen information is often sold on the dark web.

On November 13, 2021, a hacker compromised the FBI's external email system, sending thousands of messages warning of a cyberattack by cybersecurity CEO Vinny Troia, who was falsely suggested to have been identified as part of The Dark Overlord hacking group by the United States Department of Homeland Security.

BlackCat, also known as ALPHV and Noberus, is a ransomware family written in Rust that made its first appearance in November 2021. By extension, it is also the name of the threat actor(s) that exploit it.

Vinny Troia: American ethical hacker and cybersecurity researcher

Vincenzo Troia is an American ethical hacker and cybersecurity researcher who is known for reporting and identifying The Dark Overlord and hacker pompompurin, who was the owner-operator of the website BreachForums and was also involved in the 2021 FBI email hacking. He is also known for disclosing the Shanghai police database leak in 2022.

References

  1. "Zynga data breach exposed 200 million Words with Friends players". www.cbsnews.com.
  2. Hern, Alex (December 19, 2019). "170m passwords stolen in Zynga hack, monitor says" via www.theguardian.com.
  3. says, Anon (May 28, 2019). "Millions of Canva users' data stolen as GnosticPlayers strikes again".
  4. "Canva data breach: Why hacker Gnosticplayers boasted to the media". June 3, 2019.
  5. Cimpanu, Catalin. "A hacker has dumped nearly one billion user records over the past two months". ZDNet.
  6. "Times when 'Gnosticplayers' hacker made headlines for selling troves of stolen data on dark web | Cyware Hacker News". cyware.com.
  7. "Dark web data dump sees 620 million accounts from hacked websites go on sale". Independent.co.uk. 13 February 2019.
  8. "617 million hacked accounts put on sale on the dark web | Digit". www.digit.in. 13 February 2019.
  9. (PDF) https://www.nightlion.com/wp-content/uploads/2020/12/The-Dark-Overlord-Investigation-Report-Night-Lion_v1.01.pdf.
  10. "GnosticPlayers Part 1: An Overview of Hackers Nclay, DDB, and NSFW". Night Lion Security. 2019-12-30. Retrieved 2021-01-25.
  11. (PDF) https://www.nightlion.com/wp-content/uploads/2020/12/The-Dark-Overlord-Investigation-Report-Night-Lion_v1.01.pdf.
  12. Cimpanu, Catalin. "Hackers steal $9.5 million from GateHub cryptocurrency wallets". ZDNet. Retrieved 2021-01-25.
  13. (PDF) https://www.nightlion.com/wp-content/uploads/2020/12/The-Dark-Overlord-Investigation-Report-Night-Lion_v1.01.pdf.
  14. (PDF) https://www.nightlion.com/wp-content/uploads/2020/12/The-Dark-Overlord-Investigation-Report-Night-Lion_v1.01.pdf.