A little-known darknet marketplace by the name of Alien Market appears to have been hacked not just once but several times over the past few months. The news was first broken on the clearnet by Darknetlive, although reports of the situation have been an ongoing saga on the Dread darknet forum for months. The one darknet link provider that makes mention of the market, known as Dark Eye, now carries a warning on its page for the market which reads “The market has been hacked and the database leaked.”
According to various commenters on Darknetlive and Dread, hackers have been stealing login credentials (including plain text passwords) from the market via use of SQL injection. Not only were at least some of the credentials found to be valid, but they have also been used by hackers to gain access into accounts with the same credentials at others markets, as well. The site’s poor design had been the subject of several discussions on Dread for quite some time.
“Try to find a parameter at Alien Market that is NOT vulnerable to SQL Injections,” wrote Dread user diaree in a post on the forum last month.
Screenshot of the Alien Market homepage.
In mid-July of this year, a Dread user by the name of Ross_IP posted a thread titled “Alien Market Dumped”, which was the first time somebody made explicit mention of the site’s insecure design. In the thread they link to an online file containing the login credentials of several Alien Market users. Most references to Alien Market to be found before that describe the site as a scam, with some reviewers on Dark Eye mentioning that the admin had replaced vendor addresses with their own or that they had been locked out of their accounts without explanation.
Alien Market claims to have over 26,000 registered users and offers a wide array of listings categories, including everything from drugs to digital products to money exchange services. The market was still reachable as of Sept. 15, with no official word or updates from its admin as to whether the claims being made about it were true.