HIBP Look-alike Demands Ransom with Crypto
The burgeoning cryptocurrency industry, given the relative anonymity it affords users, has presented a number of financial security and personal privacy risks. Recent reporting has alerted web surfers to a fake version of the popular data breach service Have I Been Pwned (HIBP).
According to RTL news, the counterfeit web page asks users to shell out $10 USD in cryptocurrencies to remove their passwords from the database. HIBP is a legitimate site that offers its services for free. (To protect our users, we will not be linking to or identifying the name of the website in this article).
Extensive Database of 1.4 Billion Compromised Accounts
Similar to HIBP, the site runs user searches through a search engine. The fraudulent website claims to own a database of 1.4 billion accounts and passwords. For now, it is uncertain how the operators behind it managed to obtain these credentials. Fortunately, the web page has not received much attention; unfortunately, it remains active on the web.
Like HIBP, the carbon copy allows anyone to search whether an email account has been breached in the past. Unlike HIBP, however, the malicious website also displays the passwords themselves and demands that the user pay $10 in bitcoin, ethereum, bitcoin cash, or litecoin to erase the data. Problematically, anyone can enter the email address of a third person to obtain their passwords.
As per a TNW investigation, the website does not reveal passwords in plain text for all compromised accounts. Moreover, a great percentage of the passwords on the database may be out of date. The TNW findings state:
“We have been able to confirm that the sketchy website does indeed have a database with legitimate passwords. The good thing is that it appears the platform does not store plaintext passwords for all compromised accounts found in its database.”
No Need to Fret
The malicious website only deletes leaked passwords if payment is made. Rather than cough up, users are advised to simply change their passwords. TNW has reported that the site has received zero transactions, indicating it has not been successful.
According to Daniël Verlaan, tech journalist at RTL news, the fraudulent web page asks visitors to wait for a long time as it runs illicit crypto mining scripts in the background. The tech journalist also highlighted that the website uses the same database as another password lookup service – Gotcha.
The search function does not seem to work anymore. Instead, the website asks you to wait a long time and runs a cryptominer in the background :')
— Daniël Verlaan (@danielverlaan) April 12, 2018
(Translated from the original Dutch tweet.)
Hackers are finding varied ways to steal money in the form of cryptocurrencies from victims. Over the past few months, several ransomware programs have demanded ransom in cryptocurrencies. However, this HIBP clone appears to be the first of its kind. For now, the media and tech community have limited the spread of this malicious web page.
How can we stay safe from websites that reveal sensitive information on the internet? Share your views in the comments section.
Images via Pixabay