Login credentials of 4 mln Quidd users shared on the black market for free
Nearly 4 million credentials of registered Quidd users have been spotted circulating uncontrolled on a hacking forum, researchers revealed. While the company stays silent, security experts express concern about 3.9 million email addresses, usernames, and bcrypt-hashed passwords, some of which belong to prestigious organizations, including Microsoft, Tutanota, AIG, Target, and others.
According to ZDNet[1], the Quidd data breach must have taken place in early 2020. Leaked Quidd credentials were uploaded to several underground forums and Pastebin[2] on March 12, 2020. The actor behind the leak is known by the pseudonym ProTag, who initially traded emails, logins, and passwords. The exposed credentials were removed from sale within a couple of days, but not for long. Researchers found a new host for Quidd's credentials, which have been exposed as free material for everyone since March 29, 2020.
Nearly one million Quidd registered user emails pertain to Microsoft, Tutanota, and other well-known entities
Quidd by Quidd Inc. is one of the most trusted apps for digital trading of cards, digital stickers, 3D figures, and other digital collectibles. It's known for being a partner of over 300 of the world's best brands. The app provides access to a group of stickers for free, while the rarer collections can be bought with Quidd's currency.
The vast majority of registered Quidd users are teenagers or young adults. However, approximately one million of the leaked records appear to be professional, pointing to well-known entities like the University of Pennsylvania, Tutanota, Virgin Media, AIG, Experian, Target, Microsoft, Accenture, and others.
While the private and business sectors are of equal importance and can be equally compromised, leaked company emails and login credentials pose a high risk of email compromise and subsequent phishing attacks[3]. It had been presumed that the data would not become widespread because the passwords were hashed with bcrypt. However, Risk Based Security confirmed that two hackers have already cracked the bcrypt hashing used for password protection and started selling access to nearly one million Quidd accounts.
Data breaches are a severe problem for everyone: individual users, businesses, and governmental institutions
Despite multiple security measures taken[4], the number of credentials leaked in massive data breaches keeps rising. Revealed login information, passwords, and email addresses commonly lead to many serious issues, such as identity theft, theft of sensitive information, and financial losses.
The Quidd data breach is just one of the examples that keep the number of leaked credentials from falling. According to statistics, the number of massive data breaches throughout 2019 was up 33% over 2018, with a total of 7.9 billion exposed records[5]. It's no secret that data exposed on the black market is just a starting point for hackers. After a silent period, criminals strike and can misuse revealed credentials for cybercrimes, such as ransomware or malware distribution, phishing attacks, DDoS attacks, and other fraudulent activities that cost victims millions.