A significant data breach has come to light, involving over 51 million records stolen from iMesh, a now-defunct peer-to-peer file-sharing service. This breach is reportedly attributed to the hacker known as “Peace,” who previously gained notoriety for similar attacks on major social media platforms, including LinkedIn, MySpace, Tumblr, and VK.com.
Based in the United States, iMesh was once one of the country’s most prominent file-sharing services, allowing users to exchange multimedia files through peer-to-peer protocols. Launched in the late 1990s, its popularity peaked in 2009 before its recent closure. LeakedSource, a platform specializing in indexing leaked login credentials, confirmed it has acquired the compromised database from the breach.
The stolen database contains sensitive user information, including email addresses, usernames, passwords, and IP addresses. Analysis of the data indicates that while passwords were stored in a hashed and salted format, the use of the MD5 algorithm for salting has rendered them vulnerable to modern decryption techniques.
Recent insights suggest that the hacker compromised iMesh’s system on September 22, 2013, accumulating a treasure trove of data over time. The database reflects a diverse user base, with significant numbers hailing from the United States, Turkey, and the UK, among other regions. Many users registered using Hotmail and Yahoo email addresses, with a concerning number of accounts identified using “123456” as their password.
This latest breach raises critical cybersecurity concerns, particularly regarding the methods employed by the attackers. Techniques outlined in the MITRE ATT&CK framework, such as initial access and exploitation of vulnerabilities, could serve as a basis for understanding how such intrusive attacks are executed.
As the database circulates in illicit online marketplaces, available for purchase at about 0.5 Bitcoin (approximately $335), it is imperative for business owners and users alike to reevaluate their password security practices. Immediate action should be taken to strengthen passwords across all accounts, especially for those reused across multiple platforms.
In light of these developments, businesses must remain vigilant in their cybersecurity strategies. The increasing frequency of data breaches emphasizes the necessity for robust data protection measures to safeguard sensitive information against evolving threats.
