More than 51 million iMesh accounts are allegedly available for purchase on the Dark Web for 1 bitcoin – about $590 – containing data such as salted MD5 passwords, usernames, IP addresses, registration date and other account information.
While the iMesh peer-to-peer service was recently shut down, the breach is believed to have occurred in September 2013, as the most recent information in the database seems to be from that time. While no one has claimed responsibility for the hack, the hacker “Peace” has offered to sell a copy of the database on the Dark Web.
When contacted for conformation of the hack, the company’s Chief Operating Officer Roi Zemmer said that he “is not aware of any hacks” and “is currently using state of the art technology to protect users’ info.” While there is no official confirmation on whether the company has suffered a data breach, it’s worth noting that iMesh reached a peak of 9.4 million new users in 2009, although that number dropped to 2.5 million new users in 2013.
The total number of U.S. exposed accounts is believed to be around 13 million, while the rest are from Europe and the United Kingdom. To find out if your account is in the database, LeakedSource offers a way for users to search their email address in the leaked database.
“iMesh.com (now defunct) was hacked on September 22nd, 2013,” according to LeakedSource. “If your personal information appears in our copy of the iMesh database, or in any other leaked database that we possess, you may remove yourself for free.”
As the iMesh service is no longer operational, proving the validity of the database will be difficult without the explicit recognition of the company.