AlphaBay Dark Web Market Place Exposed 200,000 Private User Messages

AlphaBay Dark Web Market Place Exposed 200,000 Private User Messages

One of the largest Dark Web markets, AlphaBay, has been outlined with a huge security problem which allows hackers to access private messages. The issue is due to a vulnerability disclosed by Reddit user Cipher0007 who is most likely a security researcher.

He tested out the flaw and found out that he could easily harvest more than 200,000 private messages. The messages are private conversations held between users and sellers. Fortunately, AlphaBay responded on time and patched the vulnerability. The researcher was also rewarded.

Related: This Man Stole Six Figures Worth of Bitcoin from Dark Web Crooks

Interestingly, when Ciper00007 first contacted AlphaBay to let them know about his findings, they ignored him. That is why he went on to demonstrate what he knew to DarkNetMarkets mods on Reddit. He claimed that he had created a bot to automate the collection of messages.

AlphaBay later explained that the messages were not older than 30 days. Messages older than 30 days are automatically deleted. They also confirmed that the researcher was able to obtain a list of user IDs and usernames. No passwords or Bitcoin addresses were compromised.

Cipher0007 however posted screenshots that expose private messages containing lots of sensitive user details, like:

  • First and last names;
  • Nicknames;
  • Addresses;
  • Package tracking numbers, etc.

Related: Dream Market Is Number 1 for Illegal Bitcoin Trade

All that information wasn’t protected by PGP keys, as explained by Softpedia. AlphaBay reminds users that it’s very important to encrypt their sensitive details. They also claim they have done everything possible to improve the website. Nonetheless, considering the character of market place, it’s very likely hackers will continue to target it. Next time it may not be a researcher or a morally sound person but a black hat hacker.

Milena Dimitrova

An inspired writer, focused on user privacy and malicious software. Enjoys 'Mr. Robot' and fears '1984'.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Newsletter
Subscribe to receive regular updates about the state of PC Security and latest threads.

Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.