AlphaBay has discovered a bug that exposed users' private messages.
Following this development, the administrator has released a statement giving users updates on what occurred.
The attacker apparently had access to AlphaBay emails not more than 30 days old, and with ID numbers ranging up to 2609452.
The IDs are likely not sequential, though, since around 218,000 messages were retrieved.
To prevent such events from happening again, AlphaBay paid the culprit to reveal his findings so that a solution could be found.
The person agreed to disclose the methods used to get this sensitive information, and AlphaBay developers immediately sealed all loopholes in order to safeguard the security of users.
The hacker contacted moderators through private mail and provided proof that he was indeed able to read user messages.
The administrator verified the claim by opening two separate accounts, sending a mail between them, then providing the person with their message ID.
After checking these details, the hacker revealed to them the content of their exchange.
As an AlphaBay user, you can verify the bug yourself by creating “Throwaway” accounts then sending messages between them.
Despite assuring account holders that everything is now under control, not everybody is pleased, with some saying that AlphaBay could have encrypted sensitive data in the first place.
Additionally, there are complaints that AlphaBay is taking too long to block vendors who’ve been using the platform irresponsibly, leaving other users exposed to unscrupulous individuals on the site.
Some vendors even threaten to doxx their customers, and this has continued unabated for months.
AlphaBay's failure to restrict such dealers has left many wondering whether the admin is active in resolving disputes raised by users.
However, the moderator assured people that this isn’t the case. They say the bug has been fixed, and the mods are currently discussing the aftermath of this data breach with an aim of preventing it from occurring again in the future.
Another user posted that it's AlphaBay's job to care about security, as it's "90% of the service" the site provides to its users – presumably a private and secure platform to link dealers with buyers.
Therefore, if the site can't assure users of privacy, people should cease their activities and involvement.
Others have said that they manually encrypt everything that’s done on AlphaBay market, despite the security checks promised by admin.
They are afraid of unauthorized parties, including the admin, gaining access to their personal info – which could be used in a dishonest way.
Though AlphaBay is one of the few markets with a global presence in countries such as Canada, some foreign users can’t justify endangering their security due to breaches on the site.
If this anomaly was discovered on the platform, chances are high that other security holes exist which haven’t yet been found, but may still be risky to users.
Moreover, the fact that one can skip the anti-DDoS captcha when signing in shows that a lot more needs to be done in terms of security.