A Data Viper Hack Has Allowed Cybercriminals to Leak Private Records From More Than 8,000 Breached Websites

On Wednesday, Vinny Troia, the founder of a cybersecurity company called Night Lion Security and a data leak alert service by the name of Data Viper, is set to deliver a keynote speech at the Secure World security conference. Last week, he proudly announced that during it, he will be revealing the real-world identities of some of the members of TheDarkOverlord, Gnostic Players, and Shiny Hunters – three hacking groups that have a bit of a reputation for stealing and leaking private data from different online service providers. This appears to have upset some people.

Hackers attack Data Viper

The other day, security reporters received an anonymous tip that led them to a dark web portal, which included a popular internet meme and the words "I'm about to end this man's whole career." The man in question is Vinny Troia.

According to ZDNet, the website is an electronic magazine that describes in great detail a successful attack against Data Viper. Apparently, the hacker read through Data Viper's API documents carefully and found a forgotten admin password, which he later used to break in. The initial compromise took place more than three months ago, and since then, the attacker has managed to download hundreds of gigabytes of personal information leaked by a number of different services and collected by Data Viper.

The intruder provided a list of 8,200 databases that were allegedly stolen from Data Viper, and they furnished them with samples, which do suggest that the leak is real. Although many of the records appear to be coming from well-known data breaches, quite a few have been stolen from incidents that haven't been publicly disclosed yet.

Damaging Vinny Troia's reputation was undoubtedly one of the attacker's goals, but the hacker decided that having stolen all that data, they may as well monetize some of it. Fifty of the biggest databases allegedly downloaded from Data Viper's servers are now for sale on one of the dark web's popular marketplaces.

Vinny Troia: It was a test server, and the hackers didn't steal anything

Along with the list of the databases and sample records, the hacker also provided an archived version of a TXT document which does prove that they had access to Data Viper's website on July 9. Vinny Troia hasn't denied this, but he said that not all is as it seems.

He officially admits that a hacker managed to compromise data leak monitoring service, but he claims that the hacked server is a part of the Data Viper's development environment. Troia is adamant that the attacker had no access to any production files and databases, and according to him, the gigabytes of personal information that the hacker is bragging about at the moment were obtained by other means.

A quick glance at the discussion on Twitter shows that not everyone seems to agree with him. In fact, some people even question Troia's methods for collecting compromised data for Data Viper.

In the end, who's right and who's wrong is not for us to dwell upon, not least because for the millions of people who have had their information stolen and sold on the dark web, this isn't really that relevant at all.