CouchSurfing has just confirmed that it is investigating a supposed data breach, after discovering that a hacker group is selling the details of around 17 million users on Telegram channels and hacking forums. Sellers demand $700 USD in exchange for information extracted from the company.
It should be remembered that CouchSurfing is an online service that allows users to find free hosting, as well as facilitate meetings between travelers around the world through a website and mobile app.
Investigation platform ZDNet managed to contact the seller, who requested to remain anonymous and mentioned that the firm’s data first appeared on Telegram’s private channels in the past few days. Users who started advertising this information noted that they came from CouchSurfing.
The seller also shared a sample of the information for sale with ZDNet, allowing researchers to verify that the records include data such as full names, username, email address, and account type. Although passwords are not included in the information exposed, researchers fear that hackers have had accessed this data.
In this regard, CouchSurfing’s IT team only commented that they are investigating the incident in collaboration with a cybersecurity firm and the competent authorities. Although at first the company’s data was only available on Telegram channels, the information has begun to appear on hacking forums hosted on dark web, including the platform specialized in the sale of stolen information RAID Forum.
The company was founded in 2004 and has around 12 million registered users, although the number of active users currently hovers around 6 million. According to Amazon Alexa’s latest figures, CouchSurfing is one of the 10,000 most searched websites in the world. Because hackers are selling more than 17 million records, the database is highly likely to include hundreds of thousands of duplicate records.
Specialists believe that data could be obtained through an exposed backup, as companies often pay little attention to protecting their security backups. Online storage environments also show serious security deficiencies, making it easier for hackers to work.
He is a cyber security and malware researcher. He studied Computer Science and started working as a cyber security analyst in 2006. He is actively working as an cyber security investigator. He also worked for different security companies. His everyday job includes researching about new cyber security incidents. Also he has deep level of knowledge in enterprise security implementation.