The hacker, hiding under the pseudonym KingNull, has leaked open access to the base of one of the largest hosting on the darknet, Daniel's Hosting (DH).
Let me remind you that in the spring of this year, DH was hacked. Then, unknown attackers gained access to the DH backend and deleted all the databases associated with the hosting, as well as the owner’s account. Hosting developer Daniel Winzen said in a blog post that he had discovered the hack too late when it was useless to save anything. The fact is that DH intentionally did not have any backups.
As a result, Winsen closed his hosting and encouraged users to transfer their sites to other places. After the closure of DH, a total of about 7,600 sites (about a third of all onion resources) went offline.
At the same time, the developer assured that, on the whole, he would like to restart the service with new features and improvements so that he no longer had to spend all his free time on administration. However, he warned that this is unlikely to happen in the coming months.
As it turns out now, in March 2020, the DH base was not only removed, but also stolen. Someone with the nickname KingNull uploaded a copy of the stolen database to the file hosting service and notified the journalists of the publication Zdnet.
Judging by a quick analysis of the dump, the leak includes 3,671 email addresses, 7,205 account passwords and 8,580 private keys for .onion domains.
Under the Breach experts who helped journalists research the data confirm that the published dump contains information about the owners and users of several thousand domains on the darknet. According to the researchers, thanks to this database, you can associate email addresses from the database with specific darknet sites.
“This information can greatly help law enforcement agencies track down those who operate these sites or engage in illegal activities on these resources,” Under the Breach said.
Moreover, if site owners transferred their resources to another hosting, but continued to use old passwords, hackers can capture new accounts (if they crack cracked hashed passwords from DH).