Hacked Records of 300,000 Users on Sale on the Dark Web

China-based automobile finance platform, Jiurong has been reportedly compromised by a hacker with malicious intent who has gained access to data records of almost 300,000 customers.

To add to insult to the injury, the data is now being sold on the dark web at the price of 1 Bitcoin (BTC). The compromising data includes personal data of Jiurong users including phone numbers and government-issued ID numbers.

At the time this article was written, BTC was priced at $4032.7 – the price of the compromised users’ personal information. The seller has also claimed that they will provide access to the company’s servers along with the user’s personal information. This goes far enough to show how difficult it can be to identify and crack down on illegal practices on the Dark Web.

The bad actor, going by the username “Lone Wolf” was found actively advertising his “product” on a Chinese underground online forum. The person had even offered to extend “technical support” to anyone who was “interested to lay [their] hands” upon the stolen data.

The company under attack, Jiurong, is a moderately-sized automobile financing company with over 300,000 registered users. The company has reportedly processed an estimated 4.4 billion CNY (est. $634 million) in transactions and rakes in almost 20 million CNY (est. $3 million) in monthly revenue.

Multiple users have confirmed the authenticity of the hacker’s claim: the data is indeed from Jiurong’s users. Though at the time of publishing this article, it was still unclear whether the data has already been sold, some unconfirmed sources say that “Lone Wolf” has already found a buyer.

There have been similar cases of data being stolen and auctioned off on the dark web throughout 2018. Brazilian cryptocurrency trading platform Atlas was hacked in late August this year, compromising the private information of over 264,000 users. This included email addresses, crypto account balances and phone numbers of the vulnerable users, although the company confirmed that no funds had been stolen from the users.

Also in August, 130 million leaked records of the Huazhu Hotel Group were being sold for 8 BTC online in the most significant data breach in China in the past five years. The group is one of the largest hotel management firms in China. The data was reportedly being stolen by a massive security breach.