A hacker has leaked the database of Daniel’s Hosting (DH), the largest free web hosting provider for dark web services, according to ZDNet. The leaked data includes 3,671 email addresses, 7,205 account passwords, and 8,580 private keys for .onion (dark web) domains, and was obtained after the hacker breached DH in March this year. Shortly after, DH owner Daniel Winzen revealed that the hacker had breached his portal, stolen its database, and then wiped all servers. Two weeks later, DH shut down its service for good, urging users to move their sites to new dark web hosting providers. Around 7,600 websites — a third of all dark web portals — went down following DH’s shutdown.
The dark web is notoriously associated with illicit activity but it is not always used for underground dealings. Daniel’s Hosting was used by thousands of web admins, and this breach will strike worry amongst those that used it. Anyone affected should immediately change their passwords, and do the same for any accounts where passwords were reused.
Frustratingly, this service – by design – did not keep backups, which could be disconcerting for those without a local backup. This was not the first time it was attacked, and it has a track record of being targeted.
Some of the leaked data will, no doubt, act as gold dust to law enforcement. Such intel is very infrequently handed to the right side of the law – and it is even more rare that this was leaked by unethical hackers. How it came about, however, is unlikely to be a problem.