The listing allegedly includes 350 million Ask.FM user records, with the threat actor also offering 607 repositories plus their Gitlab, Jira, and Confluence databases. Ask.FM is a question and answer network launched in June 2010, with over 215 million registered users.
“I’m selling the users database of Ask.fm and ask.com. For connoisseurs, you can also get 607 repositories plus their Gitlab, Jira, Confluence databases.”
The posting also includes a list of repositories, sample git, and sample user data, as well as mentions of the fields in the database: user_id, username, mail, hash, salt, fbid, twitterid, vkid, fbuid, iguid. It appears that Ask.FM is using the weak hashing algorithm SHA1 for passwords, putting them at risk of being cracked and exposed to threat actors.
In response to DataBreaches, the user who posted the database – Data – explained that initial access was gained via a vulnerability in Safety Center. The server was first accessed in 2019, and the database was obtained on 2020-03-14.
Data also suggested that Ask.FM knew about the breach as early as back in 2020.