Highlights:

  • A threat actor has compromised Daniel’s Hosting, one of the most popular free web hosting providers for dark web services.
  • Compromised data contains:
      1. Email addresses
      2. .onion domain private keys
      3. Site admin passwords

On May 31, 2020, a database breach of Daniel’s Hosting (DH) was identified when a hacker leaked the compromised details on the dark web.

The leaked data contained details such as email addresses, site domain passwords, and .onion domain private keys.

More on the data breach

Daniel’s Hosting data was reportedly obtained by the hacker on March 10, 2020. Daniel Winzen, the owner of Daniel’s Hosting, revealed that the threat actor manipulated his portal, stole its database, and later erased all the servers.

Two weeks later, on March 26, 2020, in the aftermath of the breach, Daniel’s Hosting had to stop its service for good and asked users to transfer their sites to another dark web hosting portal.

After the Daniel’s Hosting shutdown, about 7,600 websites went down, accounting for approximately one-third of all dark web portals.

What type of data was leaked online?

On May 31, 2020, the notorious threat actor known as KingNull uploaded a copy of the compromised Daniel’s Hosting data, which contained sensitive information, to a file-hosting portal.

According to a brief analysis of the data, the leaked information includes the following:
  • 3,617 email addresses
  • 7,205 account passwords
  • 8,580 .onion domain private keys

Under the Breach, a threat intelligence firm, confirmed that the leaked database of Daniel’s Hosting contained sensitive information associated with owners and users of thousands of darknet domains.

Additionally, the intelligence firm mentioned that the data made public could be used to connect owners’ email addresses to specific dark web portals.

Under the Breach also stated that the revealed information is substantially helpful to law enforcement agencies in tracking individuals operating or participating in illegal activities on these darknet sites.

Experts also mention that if compromised site owners move their websites to a different dark web portal but keep the same old password, hackers could take control of their new accounts once the hashed DH passwords are cracked.

Law enforcement and threat intelligence firms are using this data for clues about users who had their sites on this dark web host simultaneously. The leaked data might also increase the risk to dissident and political sites, whose owners could face a series of consequences if they do not take the necessary steps to protect their identities.

Surprisingly, IP addresses that could have supported law enforcement investigations were not a part of the dumped data.

Following the March 2020 hack, Daniel’s Hosting plans to relaunch the service in a couple of months, after making a range of improvements on a priority basis.