AlphaBay is counted among one or the largest trading marketplace of the Dark Web and it is something related to prevailing security flaws and vulnerabilities. Recently a hacker identified the existence of two high-risk bugs and revealed information on Reddit’s forum post.
The hacker uses the codename Cipher0007 managed to steal 200,000 private messages. These messages were exchanged between buyers and sellers.
ZDNet reports that
“Cipher0007 disclosed the vulnerabilities earlier this week and revealed on Reddit that these flaws could be used to steal private messages on AlphaBay. He compromised the website and took the first and last names of both the buyers and sellers on AlphaBay along with their nicknames, addresses and tracking IDs of the orders. The messages weren’t protected by PGP keys, which made it easier for Cipher0007 to steal them in such large proportion.”
AlphaBay posted an official statement on Pastebin in which they admitted that the presence of these bugs and also confirmed hacker managed to hack around 218,000 messages. It must be noted that hacked message was not older than 30 days because server automatically flushes the messages older than 30 days.
To prove that he has managed to infiltrate AlphaBay and stole private messages, Cipher0007 posted numerous screenshots too.
Cipher007 also managed to open a support ticket on the website to warn other trading posts on Dark Web which are potentially dangerous and can expose private identities of users.
AphaBay rewarded Cipher0007 for not selling or exposing their information to public. Hacker disclosed the method and techniques he used to get into their server and company’s developers managed to fix the flaw.