

Dark Web vendors offer up “thousands” of Uber logins starting at $1 each - cvs268
http://arstechnica.com/tech-policy/2015/03/dark-web-vendors-offer-up-thousands-of-uber-logins-starting-at-1-each/#p3

======
halviti
Considering they have the plaintext passwords and that Uber can't identify a
breach, it's most likely people who re-use the same password and were a victim
of another hack (adobe et al.)

------
fuzionmonkey
If this was due to a breach at Uber, it stands to reason there would be
millions of accounts for sale, not merely thousands. I'm more inclined to
believe this is a result of shared and/or weak passwords.

------
hyh1048576
Can anyone say something about this AlphaBay market? I don't think they got
any spotlight like Silk Road used to get.

~~~
lsdaccounthn
Never looked at it myself, think is quite small. But there are plenty of dark
net markets that aren't Silk Road.

Since Silk Road 2 was taken down by the feds (sometime last year, around 6-9
months ago I think) the first to look like the biggest was Agora, then
Evolution quickly became the most popular due to its nicer functionality (and
nicer design), and the fact that Agora often has short periods of downtime due
to server load.

Evolution disappeared a few weeks ago, seemingly the owner(s) decided to "exit
scam" \- i.e. shut down with no warning and steal all BTC stored in the site
by vendors/buyers, thought to be worth $8m (plus whatever profit they made
from commission in the previous year).

Since then it has been assumed that Agora will take the top spot, however it
has had very bad availability with long periods of the site going down, I
believe they've publicly said this is due to the influx of Evolution users and
that they are working on improving their site infrastructure. The two biggest
down sides to Agora are that they don't offer Multisig support (see below),
and that their site design/functionality is pretty nasty. Their upside is that
they have the most vendors on there, so the best range of drugs to buy. I
believe (though could be wrong, it's been a while since I've been on there)
they don't allow vendors to sell fraud/etc. related items, so stuff like Uber
accounts wouldn't be allowed on there. Not sure on that, though.

There's plenty of other markets too though, ranging in size and pros/cons - a
basic list can be found at
[https://www.reddit.com/r/DarkNetMarkets/wiki/superlist](https://www.reddit.com/r/DarkNetMarkets/wiki/superlist)

Right now there's a lot of uncertainty around regarding which markets to
trust, how long they'll last, etc.

Side note on multisig: what this is is basically a three-way escrow.
Traditionally dark net markets offered either "finalize early" (vendor gets
your BTC as soon as you order) or "escrow" (website stores the BTC until
customer is happy to release to vendor, or until the site admins have to
decide who to give them to in the case of a dispute). Multisig means that two
out of the three parties (site, vendor, buyer) must agree before the BTC gets
released to anyone. So this would prevent markets from doing what Evolution
did (stealing all the money in escrow), as if they shut down with no warning
then any outstanding deals could still be finalised between buyer and vendor
(2 out of 3). However, Evolution was actually one of (if not the) first
markets to introduce multisig as an option, and nearly everyone was too lazy
to figure out how to use it. Most talk since then is along the lines of "we
should all be using multisig all the time", yet I still haven't seen any signs
of that happening...

Anyway, this reply is way longer than you actually asked about, I just think
the world of dark net markets is pretty interesting :)

------
officialjunk
Is this at all related to the recent news of Uber storing private keys in the
github repo?

