The hacker’s intent is to hand over the data — 75GB of files and 2.6GB of databases — from hacked sites on Freedom Hosting II, the single largest dark Web hoster, to relevant law enforcement agencies.
Troy Hunt, who runs the website Have I Been Pwned, tweeted that 21% of the users' names were already in the pwned database.
Because it is the dark web, details are scant, but the attack seems to have been based on compromising unpatched SQL, WordPress and phpBB content management sites.
According to OnionScan, at least 1500 other Tor-based dark websites have gone dark as a result.
- Several personal blogs and websites.
- Over 100 double/triple/100x/ponzi Bitcoin scams – nearly every single one of these sites is hosted by FHII.
- Over 1000 carding and counterfeit sites.
- Multiple Bitcoin escrow and wallet sites.
- A handful of forums relating to hacking and other topics.
- At least 600 "Site Hosted by Freedom Hosting II" default instances.
The site is also known to host many botnets and command and communications servers used for ransomware activation.
Motherboard has an article that is allegedly an interview with the hacker. "This is, in fact, my first hack ever," the hacker said in an email sent from the same address posted to the hacked Freedom Hosting II sites. "I just had the right idea." It is an interesting read.