Major Dark Web host hacked, 381,000 sets of user details leaked online

News by Roi Perez

Freedom Hosting II, a major Dark web host has been hacked, resulting in 381,000 user emails leaking onto the public internet.

Web hosting company Freedom Hosting II, which hosts between 1500 to 2500 Tor-based sites, has been hacked.

A number of security experts have verified the hack, and some have estimated that roughly 20 percent of all websites on the Dark Web had gone offline as a result of it.

Dark Web and privacy researchers Sarah Jamie Lewis tweeted, “Given previous estimates on Dark Web sites and OnionScan figures, this is likely around 20 percent of active ark Web sites.”

The hacker responsible, has claimed that the company hosts thousands of child pornography images, alongside many “scam” sites, and cited this as the reason for the hack.

The hacker has published details of site administrators, and put up a message on FHII's website which reads, "Hello, Freedom Hosting II, you have been hacked”.

The hacker said in his statement that “50 percent of websites hosted by FHII were child porn-based and also include ‘many' scam sites.”

The attacker, who told news website Motherboard that it was their first ever hack, claims to have stolen 74GB of files and a 2.3GB database.

A list of impacted websites has been curated and posted online. The database has also been verified and posted to information sharing websites.

Troy Hunt, who runs Have I Been Pwned, has been given the MySQL database and claims it contains 381,000 email addresses. He added that it includes, “a very broad range of data from different systems (PHPBB, Wordpress).”

Hunt described the breach as a “pretty serious incident”, and “as you can imagine, a lot of the data is very explicit.”

Hunt claims that there are many .gov addresses stored in the database, but warned they may not be real.

Lewis (above) warned that where the Dark Web is known for hosting explicit materials and allows for the sale of drugs, it also allows journalists, for example, to avoid surveillance from an oppressive regime they may be living under.

Lewis tweeted, "FHII made it easy for people to start playing with anonymous publishing - and in doing so created a huge vulnerability.”  

Hunt has also warned that the data from Freedom Hosting II is likely to have been collected by police and intelligence agencies. "Law enforcement will absolutely have this data, it's ‘very' public. It also obviously has many real email addresses in it.”

The news of the FHII hack comes as a Dark Web marketplace going by the name of “Hansa” announces a bug bounty, in a bid to secure its business from hacking.

The marketplace allows for the trading of stolen credit cards, drugs and other shady dealings.

It has invited security researchers to seek out vulnerabilities in its system which can be worth up to 10 Bitcoins which could lead to users, vendors or administrators.  Less-intrusive bugs and glitches earn just 0.5 BTC.

Site administrators have vowed to maintain a great bug bounty programme, and warn that anyone using the bug for their own gain before the bug is patched, will have their payment withheld. By comparison, hackers who provide a proof-of-concept will earn higher rewards.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews