Daniel’s Hosting, a dark web hosting service provider, recently suffered a breach that affected more than 6,500 dark websites.
According to Daniel Winzen, the software developer behind the hosting service, hackers breached the Daniel’s Hosting server on November 15, 2018, bringing down the websites hosted on the platform.
“On November 15th around 10:06 PM UTC the hosting server was logged in to via phpmyadmin and adminer with the correct hosting management password and deleted all accounts. Noteworthy, also the account ‘root’ has been deleted, which was injected into the database at 10:53 PM UTC and deleted at 12:50 AM, shortly after remaining databases from the chat, link list and hit counter got deleted,” said Daniel Winzen in a post.
Daniel stated that the attackers might have exploited a PHP zero-day bug that was leaked just a day before the hack and had already been fixed. However, Daniel clarified that the hackers apparently used other vulnerabilities to break into the database, and he has been unable to find the root cause of the incident.
“To this day around 6500 Hidden Services were hosted on the server. There is no way to recover from this breach, all data is gone. I will re-enable the service once the vulnerability has been found, but right now I first need to find it. Most likely in December, the service will be back up,” Daniel added.
Daniel said the investigation is ongoing and asked ethical hackers and other users to help find the vulnerabilities. The data that was not affected included the mail, the XMPP service, the static content, and the short-link service, Daniel stated.
Dark web hosting service providers allow users to host a website without revealing their identity. The dark web is considered the underground internet, which involves several illegal activities. Recently, cybercriminals obtained unauthorized access to U.S. voter registration databases and put them up for sale on dark web forums, according to a report from threat intelligence firms Anomali and Intel 471.