What Happened
In February 2019, the Brazilian online bookstore Estante Virtual suffered a data breach affecting 5.4 million customers. The hacker, a Pakistani cybercriminal known as Gnosticplayers, exposed personal information including names, usernames, email addresses, physical addresses, phone numbers, dates of birth, and unsalted SHA-1 password hashes. Gnosticplayers later put the stolen records up for sale on the dark web marketplace Dream Market as part of his fourth round of data sales, demanding payment in Bitcoin. The hacker justified the breach by claiming companies like Estante Virtual failed to implement strong encryption protocols such as bcrypt to protect user passwords, expressing frustration over the lack of security improvements in the industry.
