AlphaBay admin officially announced that there is a security breach on their Marketplace. The attacker gained access to over 218,000 private messages on Dark Web Marketplace.
A user named “Cipher0007”, posted five screenshots of random user private conversation on Reddit. The Dark Web Marketplace (AlphaBay) confirmed the bug and issued a statement regarding the incident, admitting that the intruder gets access to over 218,000 user’s private messages.
The intruder gets the last 30-day private messages of AlphaBay user due to a bug on their marketplace. He obtained the list of user IDs and their username. And, also the Marketplace PMs not older than 30 days, up to ID 2609452.
Reddit admin confirmed the bug on the same day where the data is breached on their marketplace. AlphaBay admin acknowledged the second bug, which was discovered by the same Cipher0007.
AlphaBay Bugs
AlphaBay is a world of hidden dark web, where one can buy legal and illegal products such as drugs, exploits, malware, stolen data, guns, and more. The user more often talks about their transaction procedure and order details via private messages, where they exchange contact and payment information.
To avoid the AlphaBay user from the threat, admin allows the user to use a PGP key to encrypt the information like delivery addresses, Bitcoin wallet IDs, tracking numbers, and others.
AlphaBay Pays Cipher0007 to Reveal the Secrets
AlphaBay admin paid Cipher0007 to reveal the method that he used to access their user’s private messages and IDs.
Earlier in Aril 2016, AlphaBay suffered from a similar incident, when there is a bug in their API which allowed the attacker to obtain access to 13,500 private messages.
Cipher0007 also found another bug in the Hansa Market after the discovery of AlphaBay Dark Web Marketplace.