Serial Hacker Returns And Sells 26 Million User Records On Dark Web Marketplace

23/03/2019

A hacker who goes by the name Gnosticplayers is selling 26 million stolen user records on the dark web for $5,000 worth of Bitcoin.

The data dump contains records from six companies, among them Indonesian e-commerce unicorn Bukalapak, which as of last year had more than 50 million users and processed half a million transactions per day.

Bukalapak is said to have 13 million of its users affected.

Other affected businesses include GameSalad, a game development platform (1.6 million users); Estante Virtual, a Brazilian bookstore (5.45 million users); Coubic, an online task manager (1.5 million users); LifeBear, a notebook app (3.86 million users); and YouthManual, an Indonesian student career website (1.12 million users).

This is the fourth data dump posted on the Dream Market, an online dark web marketplace founded in late 2013.

Previously, the hacker sold at least 620 million accounts stolen from 16 popular sites, and then at least 127 million accounts from 8 websites. The hacker's third attempt was selling 92 million accounts from another 8 different sites.

Listings from Gnosticplayers

Bukalapak confirmed that its platform experienced multiple hack attempts, but the e-commerce site denied that any user data was stolen.

Intan Wibisono, the Head of Corporate Communications at Bukalapak, said that sensitive information such as passwords, financial records and other private data is safe from hackers.

"We are always improving our security systems at Bukalapak to ensure our users' safety," she said. "Hacking attempts like this always happen in the digital industry."

But despite that, Intan urges users to routinely change their passwords, and enable two-factor authentication.

As for Coubic, it was looking into the breach, and LifeBear said it was "most likely" that its servers were hacked.

The stolen information mainly includes account holders' names, email addresses and passwords.

Gnosticplayers said that the data was put up for sale because the breached companies had failed to protect their users' passwords with strong encryption algorithms.

"I got upset because I feel no one is learning."

"I just felt upset at this particular moment, because seeing this lack of security in 2019 is making me angry."

Gnosticplayers also acknowledged that he did not post all of the information he got his hands on, saying that:

"I came to an agreement with some companies, but the concerned startups won't see their data for sale […] I did it that's why I can't publish the rest of my databases or even name them."