I saw two retweets of this article, whose title I’m using for this blog post of mine. Apparently, this is a 2018 company that is supposedly doing security work, but when I read the whole article, I’m really wondering who these people are.
Data Viper, a security startup that provides access to some 15 billion usernames, passwords and other information exposed in more than 8,000 website breaches, has itself been hacked and its user database posted online. The hackers also claim they are selling on the dark web roughly 2 billion records Data Viper collated from numerous breaches and data leaks, including data from several companies that likely either do not know they have been hacked or have not yet publicly disclosed an intrusion.
The apparent breach at St. Louis, Mo. based Data Viper offers a cautionary and twisted tale of what can happen when security researchers seeking to gather intelligence about illegal activity online get too close to their prey or lose sight of their purported mission. The incident also highlights the often murky area between what’s legal and ethical in combating cybercrime.
Data Viper is the brainchild of Vinny Troia, a security researcher who runs a cyber threat intelligence company called Night Lion Security. Since its inception in 2018, Data Viper has billed itself as a “threat intelligence platform designed to provide organizations, investigators and law enforcement with access to the largest collection of private hacker channels, pastes, forums and breached databases on the market.”
If this is who this guy is, we’ve got problems. Brian Krebs goes into much more detail on who this guy may be, claiming one particular username while someone else on some forum used the same name.
Many private companies sell access to such information to vetted clients — mainly law enforcement officials and anti-fraud experts working in security roles at major companies that can foot the bill for these often pricey services.
Data Viper has sought to differentiate itself by advertising “access to private and undisclosed breach data.” As KrebsOnSecurity noted in a 2018 story,
Why are you doing this if you are a security company? You should know better. Security companies don’t particularly go doing things like this; they try to protect users from the problems. They could look for particular signs of a problem and work to alert people of the problem just like Mr. Krebs does.
In another paragraph, Brian writes:
Some of the databases for sale tie back to known, publicly reported breaches. But others correspond to companies that do not appear to have disclosed a security incident. As such, KrebsOnSecurity is not naming most of those companies and is currently attempting to ascertain the validity of the claims.
So we have databases the owner got from the underground forums that this supposed actor is claiming to have gotten and making available through his company? That’s really smart, don’t you think?
For a full rundown on this company, please feel free to read the entire article: Breached Data Indexer ‘Data Viper’ Hacked as it includes links to various other things. This makes me absolutely sick. Can’t believe companies are trying to get data, claim it is their own, get hacked and claim it was their customers. Shady much?