As if the thought that millions of individuals’ names, addresses, IP addresses, sexual preferences and secrets were hiding away on a database somewhere on the deep web wasn’t bad enough, the fact it appears to be for sale makes it just that slight bit worse.
Encrypted forums and similar sites have been inundated with requests for the recently-leaked info. User ‘ROR[RG]’ appears to be the person responsible and wants to sell the information for 70 Bitcoin (around $17,000).
Tek Security Blog – who actually publicized the breach as far back as April – dug a little deeper and found that ROR[RG] was both pissed off with the press who had covered the story and ensured a lot of buyers’ requests (and attention/intrusion) went his way and keen to get back in the mix, offering his services to hack into any website requested for “750 [currency unspecified] in under 7 days.”
According to Motherboard, it remains unclear as to how many people have offered to buy the database – one diminishing in value with each day that passes – but any further media requests are being ignored. “i am fuckin on fire. cnn msnbc cbs fox,” he wrote at one stage. “agencies be messaging me man fuck them.”
InfoSec reporter Brian Krebs warned of the potential for extortion, citing the ease upon which anybody with the information could very quickly link an email address to any social media accounts. The activity has already begun in earnest. One moderator from the same forum ROR[RG] posts wrote: “Apple Id accounts you can use Tor to login perfectly safe! Good method so far use ‘Find My phone’. Wipe data and set a message that they been hacked and the only way to get their data back is to pay a ransom.”
Long story short: a lot of people are in trouble and there’s nothing they can do about it.