GhostShell has Leaked 36 Million User Accounts From 110 Connected Servers

By | June 5, 2016


Twenty four year Romanian hacker GhostShell has leaked around 36 million user accounts and personal information. The hacker reportedly downloaded a collection of databases from numerous connected servers.

The leaked personal information contains

  • Full names
  • Email address
  • Date of Birth
  • Usernames
  • Passwords
  • Gender
  • Geolocations
  • Social media information
  • Browser data.

Many of the passwords were hashed and salted, but security researchers are able to unscramble many (though not all) passwords using readily-available online tools. In many cases, there are combinations of usernames or email addresses and plain-text passwords, which may allow a hacker to conduct further intrusions.

The hacker claimed, for this activity he used port-scanning tools, including, which is a search engine for web-connected devices, to identify the databases hosted on public servers.

According to the hacker

All the servers were running on the commonly used database software MongoDB. He labelled his hacking spree Project Vori Dazel – a public protest against lack of security practices.

Most of the system administrators “don’t bother checking for open ports on their newly configured servers,” which can lead to anyone infiltrating the network and managing their internal data without any interference. You don’t even have to elevate your privileges, you just connect and have total access. You can create new databases, delete existing ones, alter data, and so much more.”

The hacker announced the data leak on Twitter and posted a link to a PasteBin URL where users can find a statement regarding his reasons behind the hack, screenshots from all the hacked servers, and various links from where users can download the data.

Statement published on report by Znet, Security researcher Lee Johnston of Cyber War News uncovered 626,000 unique email addresses as part of the data dump, which included over 1,300 government addresses from the US Department of Homeland Security, the FBI, the IRS, the FAA and the US Navy. He also found more than 7,000 .edu addresses from colleges and universities — most of which appear to be staff members.

Subscribe for latest hacking news