Quidd Data Breach
Quidd Data Breach

Quidd has been an interesting platform among teenagers, allowing them to share their interests in the form of digital collectibles. Now, there’s a hacker named ProTag is dumping over four million login credentials of Quidd users in a public hacking forum, after being shared multiple times in other groups since late 2019. There’s no word from Quidd yet, but the data breach regarding these shared accounts was claimed to be dating back October 2019.

Poster by ProTag of Quidd database sale
Poster by ProTag of Quidd database sale

Current lockdowns around the world are pushing people to rely heavily on online entertainment sites like torrents, steaming, gaming, etc. And Quidd is no exception. This online marketplace lets users share their digital collectibles as stickers, cards, toys, etc for Quidd money (and real money too). This community is popular enough to be noted by hackers, as one who claims to be breaching Quidd and scraping login credentials of over 4 million, is now sharing it openly in a public forum!

Quidd Data Breach
Quidd Data Breach

Open, but encrypted!

As ZDNet reported, this was first detected by Risk Based Security on Friday, who have even collected and tested some data. Interestingly, it appeared to be valid! The dataset contained details of users’ usernames, email addresses, and encrypted passwords. Luckily, the passwords weren’t laid bare in plaintexts but hashed with script encryption.

Index of Quidd's Collection
Index of Quidd’s Collection

And this is why hackers weren’t that interested, as many would-be preying on data that are easier to access. A data trader talked to ZDNet revealed that, after ProTag initially selling the data in the dark web, it’s then privately traded many times in several high-profile groups and even posted in Pastebin. After all, it’s touted to be circulating since October 2019, and have been dumped publicly by ProTag for free now!

Though it’s somewhat safe for passwords being encrypted, few hackers were offering decrypted databases too. There were sellers detected, offering over 135,000 accounts and over one million accounts of decrypted data! Thus, it’s advised for all Quidd users to change their passwords as soon as possible.

Via: ZDNet

LEAVE A REPLY

Please enter your comment!
Please enter your name here