AlphaBay, the largest active dark web marketplace at present, has had its vulnerabilities exposed by a hacker who successfully hijacked about 218,000 encrypted messages of several users by using glitches in the internal mailing setup. The exposed messages contain information about deals between vendors and buyers, including illicit drugs, malware and hacked data from various sources.

The hacker, who goes by the name ‘Cipher0007’ and revealed the private messages belonging to the buyers and sellers, disclosed ‘two high-risk bugs’ in the system. The first bug allowed the hacker to obtain more than 218,000 messages sent to users over a 30-day timespan, whereas the second allowed him to acquire the list of ‘usernames’ and specific user IDs. To prove the successful compromise of AlphaBay, the hacker took to Reddit and posted five screenshots of user conversations, revealing how users had shared confidential information such as their personal addresses and tracking numbers without any encryption.

AlphaBay administrators said in a statement on Pastebin, “We have been made aware of the bug that allowed an outsider to view marketplace private messages and we believe that the community has every right to be made aware of what information obtained.” However, AlphaBay assured its users that only messages sent and received in the past 30 days were affected and that those before this were not accessible to the hacker. The admins ensured that the issue was fixed within 4 hours of the screenshots going public. They reassured users that all forum messages, order data, and Bitcoin addresses were safe.

“The hacker was paid for his findings and has agreed to tell us the methods to extract such information; our developers immediately closed the loophole to protect the security of our users,” AlphaBay Admins said. To guard against further such glitches, AlphaBay has advised users to use a PGP key and always encrypt sensitive data.

However, since AlphaBay is a dark web marketplace that is only accessible via Tor Browser, there is a risk of law enforcement using the bug to gather information and reveal the identities of individuals involved in such illegal activities. However, AlphaBay members using a PGP key for encryption are found to be secure.

AlphaBay will have to be more careful about its software, as this is the second incident of this kind. In April 2016, users' private information was left exposed due to a flaw in its API, leading to the exposure of about 13,500 private messages.