Hosting Provider’s Database of Crooked Customers Leaked

Database of sensitive info, including emails and passwords, from owners of Daniel’s Hosting portals could be incriminating.

A hacker has leaked online the database of the largest free hosting service popular with cybercriminals, the result of a breach that took down the service earlier this year, according to a published report.

A hacker going by the online name of “KingNull” uploaded to a file-hosting site a database containing sensitive information about websites, including some records that could identify owners, that was lifted from Daniel’s Hosting, according to a report posted Sunday on ZDNet.

The database apparently was stolen on March 10 from the hosting service, operated by Daniel Winzen, a German software developer. Back then he reported a cyber-attack that accessed his service’s hosting infrastructure and deleted all the databases of 7,600 hosted sites, knocking them offline. Winzen subsequently shut down Daniel’s Hosting later that month.

The data leaked over the weekend from that attack included 3,671 email addresses, 7,205 account passwords, and 8,580 private keys for .onion domains, which are often anonymous sites utilized by criminals, according to the report.

The database could blow the whistle on the owners and users of several thousand domains suspected to be used by cybercriminals, revealing sensitive data about them and their activities, a security researcher from threat intelligence firm Under the Breach told ZDNet.

Some of the data could potentially be incriminating, as it could be used to help law enforcement track down the owners of domains tied to illegal activity, according to Under the Breach.

March wasn’t the first time the now-defunct Daniel’s Hosting service came under attack. In November 2018, a similar attack also deleted all the hosted sites from the service’s back-end service, knocking out 6,500 sites at the time. Hackers never released data from that attack, however, and Winzen kept the service going until the most recent attack in March.

Daniel’s Hosting rose to popularity among site owners seeking strict anonymity after a 2017 attack by the Anonymous hacker collective on Freedom Hosting II, which at the time was a popular hosting provider for cybercriminals. The collective said it targeted the service for hosting child-pornography sites.

It’s not currently known why Daniel’s Hosting was targeted in March, although the hacker who posted the files online, KingNull, has claimed also to be a part of the Anonymous group and shared responsibility for the Freedom Hosting II attack.

While Daniel’s Hosting is currently unavailable, an undaunted Winzen told ZDNet after the March attack that he eventually will relaunch an even better version of the service, which should happen soon.

“I’m still planning on relaunching the service at a later time with new features and improvements,” he told ZDNet in March. “Not having to administrate the services all the time will hopefully give me more time for actual development. However, it may take months before I’m ready to relaunch.”
