The Database of the Largest Dark Web Hosting Provider Daniel's Hosting Has Been Hacked

On March 10, Daniel Winzen, the software developer behind a dark web hosting provider called Daniel's Hosting (DH), found out that his service had been hacked. A cybercriminal had somehow managed to break through DH's security and had wiped out all the dark web portals located on its servers. 7,600 websites went down because of the attack, and a database full of customer information was also stolen. Daniel's Hosting was considered the biggest dark web hosting provider at the time, and it was clear that this had turned it into an appealing target for cybercriminals.

March 2020's breach was actually the second attack aimed at DH. The first one took place in November 2018, and it also knocked offline quite a few dark web portals. After the second breach, Daniel Winzen decided to call it a day, and he told ZDNet that the service will remain offline "for the foreseeable future." He probably hoped that that would be the end of that, but the reality turned out to be a bit different.

A hacker leaks DH customer data

Apart from the downtime, November 2018's data breach didn't have any additional consequences for DH's customers. This time, however, the repercussions could be much more severe.

Yesterday, a hacker going by the nickname KingNull, used a public file hosting website to publish a copy of the database stolen during March's attack on DH. The hacker then got in touch with ZDNet, and the news broke. An analysis of the database revealed that it contains just under 3,700 email addresses, a little over 7,200 DH account passwords, and around 8,600 private keys for dark web domains.

The leak could have serious consequences for affected customers

When Daniel Winzen announced DH's death, he pointed out that one of the reasons for the shutdown is the amount of time wasted on deleting accounts that were trying to use the hosting service for illegal operations. He was apparently trying to run a legitimate service, and the fact that he was ready to put his name behind it should be proof of this. We all know, however, that the dark web is full of people engaging in all sorts of illegal activities, and the DH leak means that they might just be in for a nasty surprise.

The email addresses included in the database, for example, could help law enforcement agencies connect individuals to dark web domains that are suspected of facilitating scams or illegal operations. According to ZDNet's report, the leaked passwords are hashed, but if cybercriminals manage to crack them, they could be in with a shot of compromising the affected dark web portals, provided, of course, the websites' owners continue to use the same password. As always, the threat of credential stuffing is very real as well.

We've yet to see what the consequences of the leak will be. It should be pretty clear, however, that when KingNull published the database, he knew that the potential damage is pretty serious.