In February 2019, The Register reported on a trove of information dumps being sold on the dark web. This collection contained details from approximately 16 sources, one of them being Bookmate, a social ebook subscription service. The Bookmate breach specifically contained 4 million rows of email addresses, names, dates of birth, gender, and salted SHA-512 password hashes. The Bookmate breach, along with 7 previously confirmed by ZeroFOX in the Register report, has been made available to the general public, while other dumps have yet to be disclosed.

Recommendations

  • Enable 2-factor authentication for all of your organizational accounts to help mitigate phishing and credential stuffing attacks
  • Remain alert to potential spear phishing attacks through email and social media.

Details

Bookmate is number 8 out of the 16 breaches from The Register report that have been disclosed to the public. The 1.7 GB data dump was for sale for $572 on the dark web. When The Register reached out to the company, they did not respond to a request for comment.