kleinanzeigen.de – Hacker gives away current database

Exactly one day ago, an obviously hacked database from kleinanzeigen.de appeared on the underground forums Crime Network (CNW) and Crimestate. On crime.to (CNW), the person who distributed the archive immediately deleted the download link to the share hoster workupload.com. The thread still exists in the CNW, even though the user xzv1337 asked for the thread to be deleted.

Leak contains countless valid email addresses of customers

According to his information, the hacker posted the thread at CNW “just like that” and removed the link for the download from the forum after about 20 minutes. According to his information, the database of the online classifieds portal kleinanzeigen.de is also not complete.

The admin of crimestate.cc tells us that the dataset dates back to the beginning of this year. The data goes from January to around August 2024. There will be more news in the future regarding the data leak given away by the unknown person, Krypton, the founder of the Crimestate forum, told us.

Fortunately, passwords are all encrypted

There are four huge files in the kleinanzeigen.de.rar archive. The countless valid email addresses of customers (along with the user names used there) would certainly be of great value to phishers. However, the passwords are encrypted using a hash, which is why it is not possible to log into the classifieds portal using the access data of a copied (or even someone else’s) account.

Fortunately, in the absence of a decrypted password, hackers cannot test whether the same login data might be in use somewhere else because the creators were too lazy to use different passwords.

No response from kleinanzeigen.de

In addition, countless transaction data from the company’s buyer protection program, etc. are recorded there. Several files give the impression that they are log files from the portal’s web server.

This afternoon at 3:43 p.m. we sent two emails to the company’s communications department, including the download link for the archive. Unfortunately, we have not yet received a response from kleinanzeigen.de. We would have liked to hear the background to the data from one of the two press spokespersons. And also how we should deal with the discovery together.

Since the distribution of the archive via the share hoster files and work uploads can no longer be stopped, there is a risk that phishers and other cyber criminals will soon misuse the many stolen email addresses for their own purposes. And this is happening everywhere, and of course not just with kleinanzeigen.de customers.