CouchSurfing investigates data breach after 17m user records appear on hacking forum

CouchSurfing investigates data breach after 17m user records appear on hacking forum

Image: Inside Weather, CouchSurfing

CouchSurfing, an online service that lets users find free lodgings, is investigating a security breach after hackers began selling the details of 17 million users on Telegram channels and hacking forums.


The CouchSurfing data is currently being sold for $700, ZDNet has learned from a data broker, a person who buys and sells hacked data for profit on the hacking underground.


The data broker, who requested anonymity for this article, was not able to identify the hacker but said the CouchSurfing data, which first appeared in private Telegram channels last week, has been advertised as being taken from CouchSurfing's servers earlier this month, in July 2020.


No passwords leaked


ZDNet received a small sample of the data. The sample included user details such as user IDs, real names, email addresses, and CouchSurfing account settings.


User passwords were not included, although it is unclear if hackers got their hands on passwords and simply chose not to share them.

Reached out for comment last night, a CouchSurfing IT staffer did not immediately provide an on-the-record statement but said that the company has already engaged with a cyber-security firm to investigate the breach, along with law enforcement agencies.


While the CouchSurfing data was initially shared in private Telegram channels, this week, the company's data has slowly made its way onto more public hacker forums, including the infamous RAID Forum, the go-to place for buying and selling stolen databases on the public internet.





CouchSurfing is currently ranked as one of the top 11,000 most popular websites on the internet, according to Amazon's Alexa traffic ranking. The service, founded in 2004, lists 12 million registered ..

Support the originator by clicking the read the rest link below.