51 Million iMesh Account Details For Sale on Dark Web
Alexander Neil / 3 years ago
It is becoming a worrying pattern that so many services’ user account details are emerging for sale online. Now iMesh joins the list of services which has a large number of their users’ account details for sale on the dark web, 51 million to be exact.
iMesh may be defunct, which makes the account information less present, but at its prime in 2009, it was the third most popular file sharing service online. But just one month after going out of business, details of a past data breach are emerging for sale on the dark web by a notorious leak seller using the screen name “Peace”, but the database is already thought to be in wide circulation amongst the hacker community.
Breach verifying site LeakedSource managed to obtain a copy of the database and have been able to verify that it contains information on just over 51 million users. For each of these users, the leaked database exposes email addressed, MD5 hashed passwords (which are now easy to break), usernames, whether the account is disabled and, more worryingly, the user’s IP address and location. LeakedSource believes that the site was breached sometime in 2013, judging by the newest entries in the database.
Whether the data in the leak is real is hard to verify, however, due to the service now having been shut down. Roi Zemmer, the company’s chief operating officer declared that he was “not aware of any hacks” and “is currently using state of the art technology to protect users’ info.” Although if they truly stored their passwords as only MD5 hashes, this is hard to believe. Regardless of the service’s current status and age of the data set, the amount of personal information exposed in this leak could potentially be worse than many other recent database sales due to the relative insecurity of the passwords and data that can be used by hackers such as IP addresses and locations.