CouchSurfing investigates data leak of 17 million users

Written by Emma Davis

The popular service CouchSurfing, which lets travelers find accommodation (or offer their own accommodation to other users), “leaked” the data of 17,000,000 users. The database is being sold on hacker forums and Telegram channels for $700. CouchSurfing is investigating the data leak.

According to Alexa, CouchSurfing is currently ranked among the top 11,000 most popular sites on the Internet. The service, founded in 2004, has about 12,000,000 registered users. It’s worth noting that a few years ago the company purged and deleted many inactive accounts, which explains why hackers are now selling data of only nearly 17 million people.

ZDNet reports that the information was on sale last week and was supposedly stolen from CouchSurfing servers in July 2020.

The reporters were able to get a small “test sample” of the dump, and they report that the database includes user data such as IDs, real names, email addresses and account settings. There are no passwords in the dump, although it is not completely clear why. Perhaps the hackers simply chose not to share them with others.


CouchSurfing representatives confirmed that the company is investigating the incident and is already working with a third-party cybersecurity company and law enforcement agencies.

“The impact of the CouchSurfing leak is lower than other security incidents at other companies, as password information was not included. This means that the CouchSurfing data can’t be used as part of credential stuffing botnets that take leaked credentials and attempt to break into a user’s accounts at other online services,” ZDNet journalists note.

Although user passwords do not seem to have fallen into the hands of cybercriminals, it is noted that email addresses are also useful to hackers and can be used at least to send spam.

ZDNet journalists put forward the theory that the data that appeared on the network may come from the company’s backup. The fact is that backups usually do not contain passwords and are stored in cloud environments, from which leaks often occur, in particular, due to misconfiguration or failure of firewalls and VPNs.

As we also reported, information security researchers discovered a data leak (photos, including erotic ones, screenshots of personal correspondence and money transfer transactions, audio recordings and some personally identifiable information) affecting users of highly specialized dating applications.


About the author

Emma Davis

I'm a writer and content manager (a short time ago I completed a bachelor's degree in Marketing at Gustavus Adolphus College). For now, I have a deep drive to study cyber security.
