Nearly seventy thousand healthcare patient records for sale on darknet hacker forum

TheDarkOverlord has resurfaced on Kickass Forum

TheDarkOverLord announces that they are officially back in business (Source)

TheDarkOverlord, one of the threat actors that DarkOwl analysts routinely monitor, has apparently resurfaced last week. In a recent series of posts, an entity claiming to be TheDarkOverlord is advertising a database of personal health information as well as user information taken from an unnamed gaming site – both of which are being offered for sale to willing buyers.

TheDarkOverlord is a hacker – or potentially a collection of personas – who regularly targets the healthcare industry, leaking thousands to millions of patient records.

TheDarkOverlord claims to have hacked “several medical practices”

In the post (pictured below), TheDarkOverlord advertises that they have over 67,000 patient records for sale, stolen from medical and dental practices in California, Missouri, and New York.

The forum listing advertises that these databases include personal and health information including full names, physical addresses, phone numbers, DOBs, driver’s license numbers, SSNs, medical histories, and much more. A specific price point was not provided; rather, the prices are “negotiable.” Interested buyers were instructed to send TheDarkOverlord an encrypted message using the forum’s private messaging system.

TheDarkOverlord also states that they’d be willing to entertain higher offers for data that “no one else will have,” giving the potential transaction a level of exclusivity that will likely attract a certain type of buyer and grab even more public interest.

TDO-1.png

Screenshot of TheDarkOverlord posting about medical records on Kickass Forum

TDO-2.png

Screenshot of TheDarkOverlord posting about medical records on Kickass Forum (as displayed in DarkOwl Vision)

Also for sale: a stolen database from a gaming website

On the same day, TheDarkOverlord posted a listing on the same Kickass Forum’s marketplace for 131,000 records from an “unnamed gaming website.” As advertised, these records include users’ email addresses, passwords, DOBs, IP addresses, and much more.

So far, it would appear that TheDarkOverlord is taking serious inquiries only. For example, in the comment section for the post below, someone asked for the name of the gaming website in questions, and TheDarkOverlord responded that they would like “proof of funds and intent to purchase” before disclosing any additional information.

TDO-3.png

Screenshot of TheDarkOverlord posting about gaming user info on Kickass Forum

TDO-4.png

Screenshot of TheDarkOverlord posting about gaming user info on Kickass Forum (as displayed in DarkOwl Vision)

Both postings on Kickass Forum remain live at time of publication. DarkOwl analysts will continue to track TheDarkOverlord and post updates here.

See why DarkOwl is the Leader in Darknet Data

Copyright © 2022 DarkOwl, LLC All rights reserved.
Privacy Policy
DarkOwl is a Denver-based company that provides the world’s largest index of darknet content and the tools to efficiently find leaked or otherwise compromised sensitive data. We shorten the timeframe to detection of compromised data on the darknet, empowering organizations to swiftly detect security gaps and mitigate damage prior to misuse of their data.