ETDA ThaiCERT
Report
Search
Home > List all groups > Gnosticplayers

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Other threat group: Gnosticplayers

NamesGnosticplayers (self given)
CountryPakistan Pakistan
MotivationFinancial gain
First seen2019
Description(ZDNet) The hacker said that he put up the data for sale mainly because these companies had failed to protect passwords with strong encryption algorithms like bcrypt.

Most of the hashed passwords the hacker put up for sale today can cracked with various levels of difficulty –but they can be cracked.

“I got upset because I feel no one is learning,” the hacker told ZDNet in an online chat earlier today. “I just felt upset at this particular moment, because seeing this lack of security in 2019 is making me angry.”

In a conversation with ZDNet last month, the hacker told us he wanted to hack and put up for sale more than one billion records and then retire and disappear with the money.

But in a conversation today, the hacker says this is not his target anymore, as he learned that other hackers have already achieved the same goal before him.

Gnosticplayers also revealed that not all the data he obtained from hacked companies had been put up for sale. Some companies gave into extortion demands and paid fees so breaches would remain private.

“I came to an agreement with some companies, but the concerned startups won’t see their data for sale,” he said. “I did it that’s why I can’t publish the rest of my databases or even name them.”
Observed
Tools used
Operations performedFeb 2019620 million accounts stolen from 16 hacked websites now for sale on dark web, seller boasts
<https://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/>
Feb 2019127 million user records from 8 companies put up for sale on the dark web
<https://www.zdnet.com/article/127-million-user-records-from-8-companies-put-up-for-sale-on-the-dark-web/>
Feb 2019Hacker is selling 93 million user records from eight companies, including GfyCat.
<https://www.zdnet.com/article/hacker-puts-up-for-sale-third-round-of-hacked-databases-on-the-dark-web/>
Mar 2019Round 4: Hacker returns and puts 26Mil user records for sale on the Dark Web
<https://www.zdnet.com/article/round-4-hacker-returns-and-puts-26mil-user-records-for-sale-on-the-dark-web/>
Apr 2019Hacker Gnosticplayers has stolen over 932 million user records from 44 companies
<https://www.zdnet.com/article/a-hacker-has-dumped-nearly-one-billion-user-records-over-the-past-two-months/>
May 2019Australian tech unicorn Canva suffers security breach
<https://www.zdnet.com/article/australian-tech-unicorn-canva-suffers-security-breach/>
Sep 2019Going by the online alias Gnosticplayers, the serial hacker told The Hacker News that this time, he managed to breach “Words With Friends,” a popular Zynga-developed word puzzle game, and unauthorisedly access a massive database of more than 218 million users.
<https://thehackernews.com/2019/09/zynga-game-hacking.html>

Last change to this card: 14 April 2020

Download this actor card in PDF or JSON format

Previous: Fxmsp
Next: Guru Spider

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key