Hacker steals more than 8,200 databases of a data leak monitoring service and puts it on sale on dark web


Hacker steals more than 8,200 databases of a data leak monitoring service to take revenge

According to the reports, More than 8,200 databases have been stolen by a hacker named NightLion from the backend servers of U.S. based cybersecurity firm Night Lion Security that offers data leak monitoring services to companies. The hacker says the stolen data includes more than 8,200 databases containing the information of billions of users that leaked from other companies during past security breaches.

Night Lion claimed it has stolen about 8,225 databases from the cybersecurity firm’s DataViper, a data leak monitoring service after the hacker gained access to DataViper’s backend. However, the dark web site contains proof of the hacker’s access to the server as well as 482 downloadable JSON files taken from the breached servers.

Firms like DataViper collect information about companies that had their data leaked online from the famous portals like the dark web, hacking forums, paste sites, and other locations. After collecting these data they compile “hacked databases” inside private backends to allow customers to search the data and monitor when employee credentials leak online, when the companies, themselves, suffer a security breach.

According to ZDNet who analyzed the hacker’s email and the dark web portal, the hacker spent up to three months inside DataViper servers and is now selling fifty of the biggest stolen databases on the Empire dark web marketplace.

Night Lion security researcher, Vinny Troia, told ZDNet that the DataViper server that the hacker gained access to was a test instance, that data stored in the stolen databases indexed to DataViper had been public for many years, and some of the data had been obtained from the same communities of hackers to which hacker NightLion belongs.

When people think they are above the law, they get sloppy. So much so they forget to look at their own historical mistakes. I literally detailed an entire scenario in my book where I allowed them to gain access to my web server in order to get their IPs. They haven’t learned. All they had access to was a dev environment.


“Much like the grey Microsoft hack which they recently took credit for, all they had was some source code that turned out to be nothing special, but they hyped it anyway hoping to get people’s attention. These are the actions of scared little boys pushed up against a wall facing the loss of their freedom,” he added.

The website contains an e-zine (electronic magazine) detailing the intrusion into DataViper’s backend servers. The hacker claims that he spent three months inside DataViper servers while exfiltrating databases that Troia had indexed for the DataViper data leak monitoring service.

The hacker has also posted the full list of 8,225 databases that Troia managed to index inside the DataViper service, a list of 482 downloadable JSON files containing samples from the data they claim to have stoled from the DataViper servers, and proof that they had access to DataViper’s backend.

The hacker was also been spotted selling some 50 of the biggest databases that were found inside DataViper’s backend which includes 56.7 M Fornite Player emails, and about 3 M Ubisoft emails.

For more news on tech and cybersecurity stay tuned on Android Rookies by subscribing to our newsletter from here.


About Author

Be Ready for the challenge

Notify of
Inline Feedbacks
View all comments