GnosticPlayers

GnosticPlayers is a computer hacking group, which is believed to have been formed in 2019 and gained notability for hacking Zynga,[1][2] Canva,[3][4] and several other online services.[5][6]

The Independent reported that GnosticPlayers had claimed responsibility for hacking other online businesses, and stealing hundreds of millions of credentials from web databases such as MyFitnessPal, Dubsmash, and fourteen others; and subsequently selling these credentials on the dark web.[7][8]

Reported members

In 2020, cybersecurity author Vinny Troia published a report listing the following core group members:[9]

  • Maxime Thalet-Fischer, who went under the aliases DDB, Casper, RawData and Pumpkin, was the seller of the group.
  • Nassim Benhaddou, who went under the alias Prosox, was a member of the group and was known to be Gabriel's early associate. According to Troia, Benhaddou later went on to form the group ShinyHunters.[10]

In 2019, Nassim Benhaddou, Gabriel Kimiaie-Asadi Bildstein, as well as Maxime Thalet-Fischer, were arrested after Gabriel confessed that they hacked Gatehub.[9] The hack reportedly involved the theft of $9.5 million worth of cryptocurrency.[11]

Companies affected

GnosticPlayers have taken public responsibility for the following data breaches:[9]

500px • 8fit • 8tracks • Animoto • Armor Games • Artsy • Avito • BlankMediaGames • Bookmate • Bukalapak • Canva • Chegg • CoffeeMeetsBagel • Coinmama • Coubic • DailyBooth • DataCamp • DubSmash • Edmodo • Epic Games • Evite • EyeEm • Fotolog • GameSalad • Gatehub • Ge.tt • GfyCat • HauteLook • Houzz • iCracked • Ixigo • Legendas.tv • LifeBear • LiveJournal • LovePlanet • mefeedia • MindJolt • MyFitnessPal • MyHeritage • MyVestigage • Netlog & Twoo • OMGPop • Onebip • Overblog • Petflow • PiZap • PromoFarma • RoadTrippers • Roll20 • ShareThis • Shein • Singlesnet • Solstice • Storenvy • StoryBird • StreetEasy • Stronghold Kingdoms • Taringa • Wanelo • WhitePages • Wirecard • Yanolja • YatraYouNow • Youthmanual • ZomatoZynga

See also

References

  1. ^ Ivanova, Irina (2 October 2019). "Zynga data breach exposed 200 million Words with Friends players". CBS News. Archived from the original on Feb 22, 2024.
  2. ^ Hern, Alex (December 19, 2019). "170m passwords stolen in Zynga hack, monitor says". The Guardian. Archived from the original on Sep 13, 2023.
  3. ^ Vaas, Lisa (May 28, 2019). "Millions of Canva users' data stolen as GnosticPlayers strikes again". Naked Security. Archived from the original on Jul 21, 2023.
  4. ^ "Canva data breach: Why hacker Gnosticplayers boasted to the media". June 3, 2019.
  5. ^ Cimpanu, Catalin. "A hacker has dumped nearly one billion user records over the past two months". ZDNet.
  6. ^ "Times when 'Gnosticplayers' hacker made headlines for selling troves of stolen data on dark web". Cyware. September 30, 2019. Archived from the original on Mar 25, 2023.
  7. ^ "Dark web data dump sees 620 million accounts from hacked websites go on sale". Independent.co.uk. 13 February 2019.
  8. ^ "617 million hacked accounts put on sale on the dark web | Digit". www.digit.in. 13 February 2019.
  9. ^ a b c "The Dark Overlord Cyber Investigation Report" (PDF). Night Lion Security. Archived (PDF) from the original on Dec 11, 2023.
  10. ^ "GnosticPlayers Part 1: An Overview of Hackers Nclay, DDB, and NSFW". Night Lion Security. 2019-12-30. Retrieved 2021-01-25.
  11. ^ Cimpanu, Catalin. "Hackers steal $9.5 million from GateHub cryptocurrency wallets". ZDNet. Retrieved 2021-01-25.


Stub icon

This computer security article is a stub. You can help Wikipedia by expanding it.