The latest batch of data, which includes emails, passwords, usernames, IP addresses, phone numbers, app settings, shopping details and information regarding users' education, is being offered for the tune of 1.2431 bitcoins, according to ZDNet, which estimated the total equates to roughly $4,940.
The data was swiped from six companies: game developer platform GameSalad, Brazilian bookstore Estante Virtual, e-commerce giant Bukalapak, student career site Youthmanual and online task manager apps Coubic and LifeBear. The amount of stolen data from each company ranges from 1.5 million to 13 million records. The largest stolen dataset came from Bukalapak.
Unlike the past three rounds, which saw the sale of more than 840 million user records, this latest set is more about teaching various companies a lesson in bulking up their security measures, according to the hacker.
"I got upset because I feel no one is learning," Gnosticplayers, speaking on the persistent failure by companies to protect their information with strong encryption algorithms, told ZDNet on Sunday. "I just felt upset at this particular moment because seeing this lack of security in 2019 is making me angry."
The hacker had previously told the business technology website that he had initially intended to hack, sell and retire after companies gave into extortion demands, paying fees to keep the hacks under wraps.
Web developer and technologist Chris Garaffa told Sputnik on Tuesday that the "sales of data breaches like this have been a regular occurrence for a long time — as long as data breaches have existed."
"Whether groups or individuals like Gnosticplayers get the information though attacking the targeted companies themselves or collect it elsewhere, the market for these sorts of dumps is significant on the dark web," he explained. "As an illegal activity, they don't generally promote the sales outside of trusted forums or sites, and certainly not to the mass media."
"In most cases, information about any specific individual is not the target of these sales. For example, the market generally values a single credit card number at under $1, or significantly more — around $15 for an AMEX Platinum or Black card with a billing address, expiration and CVV code," he continued.
"Social media or email account credentials individually can be worth a penny or less, but in bulk can fetch thousands of dollars, as each account can be controlled to spam others or carry out large-scale scams."
When it comes to leaks involving driver's licenses, social security numbers or passports, Garaffa said that hackers could earn a significantly larger profit, but that it also comes "at a much greater risk of investigation and arrest" by national and international law enforcement agencies like the FBI or Interpol.
Gnosticplayers' first round of sales included the data of 620 million users, the second included 127 million users, and the third forked over the records of nearly 93 million users. The majority of the hacked information included account holder names, email addresses and passwords.