Thursday, 26 January 2017

On 01:51 by admin
A Dark Web marketplace is where you can buy anything from illegal drugs to weapons and several other products, including digital goods. In a recent listing, a well-known dark web vendor going by the handle “DoubleFlag” is selling data stolen from several Chinese Internet giants.

According to the listing, the data belongs to companies such as NetEase Inc and its subsidiaries, and Tencent Holdings Limited owned, TOM Group’s, Sina Corporation’s, Sohu, Inc.’s and Letter Network Information Technology Co., Ltd owned

NetEase data

NetEase, Inc, a Chinese Internet technology company that provides online services focusing on content, communications community and is the official website of NetEase while is a popular Chinese email provider and a subsidiary of NetEase. The hacker is selling 143,725,840 accounts from, 1074,795,268 accounts stolen from and, 91,239 from domain respectively.

NetEase’s data is another domain owned by NetEase providing email services to the users. Although the domain is widely used for phishing scams, the hacker now has access to its 3,281,420 accounts, which are now available for sale.

Tencent Holdings Limited’s data

QQ is a famous instant messaging software service also recognized for providing a variety of services, including music, microblogging, voice chat, online social games, movies and shopping. The data available for sale belongs to their primary domain and the total number of user accounts is 126,936,489 and 2.759.960 from

Sina Corporation’s data

Sina is a famous Chinese online media company known for its Sina Weibo server, a Twitter-like microblog social network or Chinese version of Twitter. itself is the largest Chinese-language web portal with overall registered users numbering more than 100 million. The total number of user accounts offered by DoubleFlag is 31,037,726 stolen from and domain.

Sohu, Inc.’s data

Sohu, Inc. is yet another Chinese Internet company offering a search engine, advertising, online multiplayer gaming and other services. Sohu was also responsible for creating and handling the official website of the Beijing 2008 Olympic Games.
The data which is being sold was stolen from and contains accounts of 23,198,610 users. The hacker is also selling 236,169 accounts taken from (Sogou search engine), a subsidiary of Sohu, Inc. founded on 9 August 2010.

TOM Online’s data

TOM Online is a mobile Internet company in China, operating the popular Chinese-language Internet portal ( and offering a variety of online and mobile services, including wireless internet and online advertising. The hacker is selling 8,258,839 user accounts stolen from their primary domain

Letter Network Information Technology Co., Ltd.’s data

Eyou or is a Chinese-based webmail service which has been targeted by DoubleFlag, and the total number of user accounts available for sale are 1,516,976.

SK Communications Co., Ltd.’s data

is a South Korean web portal, developed by SK Communications. Nate also owns a social media site Cyworld. However, DoubleFlag is selling accounts of 574,258 users stolen from Remember, Nate is one of the most visited websites in S. Korea.

In the listing description, DoubleFlag has mentioned that some of the above-mentioned accounts come with plaintext passwords while some of them come with MD5 hashes, which are very easy to crack. The total number of plaintext and MD5 accounts has not been mentioned, but according to the same listing, the total number of accounts on sale is One billion eight hundred forty-five million six hundred six thousand six hundred twenty-seven (1,845,606,627) from October 2015. The data leak has been labeled as “The Big Asian Leak.”

Screenshot from the marketplace where data is being sold.

In the same listing, DoubleFlag is also offering other user accounts he claims to have stolen from,,,, China’s Hotmail, MSN and Live accounts. The total number of accounts being offered from all three Yahoo domains is 23,590,165, 17.928.531 Hotmail accounts, 3.371.754 Gmail accounts, 1.098.274 MSN accounts and 407.423 Live accounts.

History of DoubleFlag and his listings on the Dark Web marketplaces:

In 2016, when the trend of selling databases on the Dark Web marketplaces started to grow, several vendors came up with high-profile data such as AdultFriendFinder, Dropbox, LinkedIn, MySpace, Twitter, etc. The one vendor who came up with non-stop data was DoubleFlag. In the last couple of months, the databases uploaded by him for sale included Brazzers, Epic Games, ClixSense, uTorrent Forum,,,, Dropbox and even 203,419,083 accounts from Experian plc, a major credit reference agency with operations in 40 countries. Although Experian denied that their servers were ever breached by hackers, the alleged data is still available for sale for just BTC0.8873 (USD 800.00).

Is the ‘The Big Asian Leak’ data legit?

As mentioned above, Experian categorically denied that their servers were ever breached, leaving a question mark on other listings uploaded by DoubleFlag. However, looking at his Feedback Ratings on the marketplace, there hasn’t been a single negative rating among his 60+ successful sales.

Also, since DoubleFlag is not responding to my sample data request, it’s up to these companies to examine and confirm if their servers were recently or previously breached.

