The moderately popular darkweb market site Alien Market has been breached as several users reported. The database comprising the usernames and passwords of registered users was stolen from Alien Market and leaked. The status of Alien Market has been changed to “the market has been hacked and the database exposed” by the darknet market link distribution service Dark Eye.
The news substantiated when a list of user logins and passwords appeared on various forums. One of the users describes his frustration in a post: “The credentials obviously work, nearly every parameter was vulnerable to SQL injections and the passwords were saved in cleartext. The server also holds a git repository with material, which could possibly lead to the market admins identity. It was an absolute shit hole. I posted about the vulnerability months ago on Dread, took long enough for someone to leak it. Looking at the market, this shouldn’t be the most shocking part. Trying the same credentials from both customers and vendors on Dread and other markets is scary though. You can also tell by the looking at the passwords, that they are all being reused.”
The login information for Alien Market “vendors” appear in the text file containing dumped usernames, passwords, and withdrawal pins. Someone has tested many of the logins, and they purportedly work.
In short, this is a disaster for Alien Market but not one that surprised many experienced darknet users. Veteran darknet users have considered the site sketchy and were suspicious of possible exit scams or security vulnerabilities – and they were proven right. DNStats never listed this market for the same reasons, we recommend using established and reliable markets such as Vice City Market, Darkfox or Russian Market.