Another day, another database of hacked account details. This one, containing 93 million hacked records, was discovered for sale today on the dark web, the shady part of the internet reachable through special software.

The latest release from a hacker called Gnosticplayers, its third, contains user account details hacked from gif hosting service GfyCat along with a range of smaller sites. The database is being offered for sale on the Dream Market dark web site for 2.6249 bitcoin ($9,541.25).

The first database Gnosticplayers, released for sale last week, contained 620 million user records hacked from sites MyFitnessPal, MyHeritage, ShareThis and Coffee Meets Bagel. It was offered for roughly $20,000 in bitcoin. A second release, containing about 126 million hacked records, was then offered late last week but this time at varying prices per company.

The unknown question is whether the hacked data offered for sale by Gnosticplayers consists of new user data, previously released user data or both. In the case of Coffee Meets Bagel Inc., the data was not only new to the dark web, but the dating app provider wasn’t even aware it had been hacked until the database was offered for sale.

Some data such as Sharethis appears new to the dark web, but others may not be. MyFitnessPal, which is owned by Under Armour Inc. was hacked in March. At the time, the company said 150 million user accounts had been compromised, linking up with the 151 million MyFitnessPal account details found in the first Gnosticplayers release.

The only good news in all three releases so far is that although user account names, email addresses and sometimes other data is included, in most cases the passwords are hashed, making it very difficult for buyers to decrypt them.

Large databases combining data from various hacks isn’t new, but the method has become a bit of trend in 2019. In January, nearly 3 billion records were released over a series of databases dubbed “Collections.”

The first Collections release was a single database with 773 million email addresses and 21 million passwords. It contained a combination of stolen data from individual data breaches from thousands of different sources. Some 663 million of the addresses in the release had been previously indexed by Have I Been Pwned, indicating much of the data had been recycled. However, 140 million of the addresses are apparently new.

The second release, Collections #2 through to #5, contained 2.2 billion unique usernames and passwords. Like Collections #1, the data consisted of both previous data breaches and new data.

Photo: justinmathews/Flickr