© 2023 CyberNews - Latest tech news,
product reviews, and analyses.

If you purchase via links on our site, we may receive affiliate commissions.

Ask.FM database with 350m user records allegedly sold online

A listing on a popular hacker forum offers 350 million Ask.FM user records for sale in what might be one of the biggest breaches of all time.

The listing allegedly includes 350 million Ask.FM user records, with the threat actor also offering 607 repositories plus their Gitlab, Jira, and Confluence databases. Ask.FM is a question and answer network launched in June 2010, with over 215 million registered users.

“I’m selling the users database of Ask.fm and ask.com. For connoisseurs, you can also get 607 repositories plus their Gitlab, Jira, Confluence databases.”

Ask.FM hack

The posting also includes a list of repositories, sample git, and sample user data, as well as mentions of the fields in the database: user_id, username, mail, hash, salt, fbid, twitterid, vkid, fbuid, iguid. It appears that Ask.FM is using the weak hashing algorithm SHA1 for passwords, putting them at risk of being cracked and exposed to threat actors.

The threat actor says that he’d prefer “a singular sale.”

"Askfm has not suffered any security incidents (or any “recent Ask.fm hack”) as your email suggests therefore we have no comment to make on any such falsities," Ask.FM told Cybernews.

In response to DataBreaches, the user who posted the database – Data – explained that initial access was gained via a vulnerability in Safety Center. The server was first accessed in 2019, and the database was obtained on 2020-03-14.

Data also suggested that Ask.FM knew about the breach as early as back in 2020.

More from Cybernews:

Here’s what Uber and GTA hacks have in common

Bad actors star in Netflix phishing scam

YouTube recommendations are out of control, Mozilla says

Third-party provider blamed for $160m crypto heist

American Airlines revealed sensitive customer information in a data breach

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are marked