Records of a darknet hosting provider have been leaked online by a hacker. The leaked data contains passwords of the site admin, email addresses, and .onion domain private keys.
According to the report, the hacker obtained the leaked data on March 10 this year, after compromising Daniel’s Hosting (DH) earlier in the year. The hosting provider is the biggest free web hosting provider for dark web services .
After the hack, the provider shut down to curtail the impact of the infiltration. But it has since asked users to get another darknet hosting provider for hosting service.
During the hack, about 7,600 web portals were affected as the attacker deleted the entire database of the web hosting portal.
At the time of the attack, the owner of the portal, Daniel Winzen, reported that the hacker was able to breach the portal and steal its database, then deleted all servers from the portal.
Today, a copy of the compromised DH’s database was leaked online by a hacker known as KingNull. The hacker uploaded the database on a file-hosting portal, informing security researchers about the recent development.
Based on the analysis of the data dump, the compromised data contains 6,580 .onion domains private keys, 7,205 account passwords, and 3,671 email addresses.
Cybersecurity analysis firm, Under the Breach , looked at the stolen data to find out the actual contents of the database.
“The leaked database contains sensitive information on the owners and users of several thousand darknet domains,” the security firm said.
Under the Breach also reiterated that the compromised data could connect the owners of certain compromised email addresses to some dark web platforms.
According to the firm, the leaked information can assist law enforcement agencies to get the identity of individuals who have taken part in illegal activities on the darknet.
No one is sure why the hacker compromised the system and eventually dumped it for security researchers to examine. However, one certain thing is the possibility of exposing some of the cybercriminals who have had previous deals on the DH’s dark web. With their email accounts and passwords exposed, it will be easier to track them down, Under the Breach said.
Additionally, if the site owners did not change their old passwords when moving their portals to other providers, hackers can still track and expose them by cracking the leaked DH hashed passwords.
Law enforcement and threat intelligence firms will be combing the database to look for information about the users hosting cybercrime-related sites. However, the compromised data may put the owners of political and dissident sites at risk as well. Their identities could be revealed to oppressive regimes, which may have massive repercussions if the users fail to protect their identities.
Generally, the IP addresses of these exposed users could have made the job of law enforcement earlier. But since these are not included in the leaked data, it may be difficult to trace these users.
This is not the first time DH has been hacked. In November 2018, the hosting provider suffered its first breach when a hacker compromised the portal’s backend database and wiped all sites clean. During that hack, over 6,500 accounts were deleted, but there was no record of any leaked data from the hack.
Apart from DH, other darknet providers have also been hacked. A year earlier before DH was first hacked, the same hacker infiltrated Freedom hosting II after they found out the hosting provider was providing support for child abuse portals.
At the time, KingNull also claimed to be responsible for the hacking attempt, although no data dump was also recorded at the time.
After the hack in March this year, Winzen said there are still plans to re-launch the website, but only after some major improvements have been made.