Leaked Databases Gathered By Cybersecurity Company Have Been Stolen By Hacker

15/07/2020

DataViper provides a data leak monitoring service. It is managed by Vinny Troia, the security researcher behind Night Lion Security, a U.S.-based cyber-security firm.

A hacker claimed to have breached the company's backend servers and stolen a massive trove of information from its "data leak detection" service.

The hacker said that the stolen data includes more than 8,200 databases containing the information of billions of users that were previously leaked from other companies during past security breaches.

The news surfaced when the hacker, who goes by the name NightLion, emailed tens of cybersecurity reporters a link to a dark web portal where information about the hack is published.

The site contains an e-zine (electronic magazine) detailing the hacker's intrusion into DataViper's backend servers.

On the page, the hacker claimed to have spent months inside DataViper servers while exfiltrating its databases, and listed 482 downloadable JSON files containing samples from the stolen data as proof.

The hacker also posted ads on the Empire dark web marketplace, putting up for sale 50 of the biggest databases found inside DataViper's backend.

RIP Vinny Troia.
The dark web page publishing the information about the hack. (Credit: ZDNet)

It was reported that most of the stolen databases listed by the hacker came from "old breaches" that originated from other hackers' intrusions years ago, most of which had already been leaked on several forums and websites.

According to Troia, in some of the cases, the databases that the hacker published were actually the databases Troia obtained from in the first place.

Troia admitted that the hacker gained access to one of the DataViper servers, but said the hacked server was merely a test instance. Troia believes that the hacker is selling their own databases, rather than databases they actually stole from DataViper servers.

The rest of the databases, however, were new.

Troia believes that the hacker is associated with several hacking groups with a prolific hacking history, such as TheDarkOverlord, ShinyHunters, and GnosticPlayers. These hacking groups have been responsible for hundreds of breaches, some of which Troia indexed in his DataViper database.

Troia's full statement:

"When people think they are above the law, they get sloppy. So much so they forget to look at their own historical mistakes."

"I literally detailed an entire scenario in my book where I allowed them to gain access to my web server in order to get their IPs. They haven't learned. All they had access to was a dev environment. Much like the grey Microsoft hack which they recently took credit for, all they had was some source code that turned out to be nothing special, but they hyped it anyway hoping to get people's attention."

"These are the actions of scared little boys pushed up against a wall facing the loss of their freedom."

Data leak monitoring is a common type of service offered by cybersecurity firms, and DataViper is no exception.

Security companies constantly scan the dark web, hacking forums, paste sites, and other sources to gather information about data that has been hacked or leaked.

Whatever they find is then compiled into so-called "hacked databases" that reside in the companies' private backends. This allows customers to search the data and monitor when employees' credentials are leaking on the web, or when their companies suffer a security breach.