Hack attack: dark web swells

A hacker has put 51 million file sharing accounts for sale on the dark web.

The data stems from the iMesh breach from 2013 and follows a recent run of login credential sales involving data from historical attacks. However the latest ID flog-off is much less a concern than the earlier sale of login data from LinkedIn and the like because people treated iMesh accounts as throwaway profiles right from the off, according to security experts.

“The iMesh breach from 2013 contains the usual bad passwords made familiar from many similar breaches over the years, such as ‘123456’, ‘password’, and ‘qwerty’, as well as site-specific passwords of ‘bearshare’ and ‘music’,” said Tod Beardsley, security research manager at Rapid7, the firm behind MetaSploit. “These common passwords imply that many of the user accounts associated with the service were throwaway accounts, where the users did not consider their accounts to be all that valuable.” ®