Cyber Incident Victim: Fantasy Cruncher
Date: Oct 2020
Location: Singapore
Summary
A threat actor advertised stolen user databases from seventeen companies, including Fantasycruncher.com, for sale on a hacker forum, aggregating approximately 34 million records. The broker claimed no involvement in the original breaches but offered datasets containing emails and hashed passwords; the hashing algorithms varied by victim, with bcrypt and SHA1 listed for the fantasy sports platform. While some affected entities like RedMart acknowledged compromises, others remained unconfirmed. Exposed information across the breaches ranged from personal identifiers to financial details, and the volume of leaked login data highlighted credential reuse risks. The seller indicated stolen databases often transition from private sales to public release over time.
Description
On October 28, 2020, a threat actor advertised stolen user databases from seventeen companies for sale on a hacker forum, aggregating approximately 34 million compromised records. The seller operated as a data breach broker rather than the original attacker, facilitating the sale of databases allegedly obtained through prior breaches. Among the affected entities was Fantasycruncher.com, though the specific breach timeline and intrusion methods for this site were not disclosed. The broker listed Fantasycruncher.com’s exposed data as emails alongside passwords hashed with bcrypt or SHA1 algorithms. Other prominent victims included Geekie.com.br (8.1 million records), Clip.mx (4.7 million), Wongnai.com (4.3 million), and RedMart, which publicly confirmed its breach. The seller categorized the databases by their perceived value, with private sales historically ranging from $500 to $100,000 before potential public release.

The incident exposed diverse personal information across the seventeen organizations, including emails, hashed passwords, names, phone numbers, addresses, tax identifiers, and payment details. RedMart’s breach notably included credit card data, while Geekie.com.br and Athletico.com.br exposed Brazilian CPF numbers. Fantasycruncher.com’s data exposure was limited to emails and password hashes without additional identifiers. The broker provided technical specifics about password hashing methods, revealing inconsistent security practices among victims—some used robust bcrypt or PBKDF2-SHA256 hashing, while others relied on weaker MD5 or SHA1 algorithms. Eatigo.com and Wongnai.com additionally exposed Facebook tokens and social media IDs. Only RedMart had acknowledged the breach at the time of reporting; Fantasycruncher.com and most other entities had not issued public statements. The aggregated sale heightened credential-stuffing risks due to password reuse across services, though no post-breach fraud incidents were explicitly documented in the source material.
