Personal data of women who have suffered miscarriages is being sold by hackers on the dark web for as little as £20.
Two hackers are offering the database which they claim has been stolen from pregnancyforum.org.uk, one of the UK’s main discussion sites for expectant parents.
The site includes a section for those who have had abortions and miscarriages, and this data is being offered along with that of 43,000 of the site’s users, according to the hackers.
They have given out free samples of the information including usernames, passwords and email addresses. When checked, these samples corresponded to users of Pregnancy Forum and allowed the easy identification on Facebook of women whose details had been leaked.
One Pregnancy Forum user confirmed that the hackers’ details for her account were correct.
The data also included encrypted passwords, however, the hacker listed a website on which the passwords can be easily “cracked”, revealing the unscrambled text.
Security experts believe the hack may go back to late 2016, when hackers struck many websites built using a popular type of software.
“It was obviously stolen in 2016, probably in August when just about every prominent forum running that particular software could have been breached,” said Kevin McMahon of Cyjax. “There were others at the time that suffered millions of account losses due to the… vulnerability that was present for some time before being patched.”
An administrator for pregnancyforum.org.uk said in a statement: “We were unaware of the breach. We have now notified all of our members and advised them to change their passwords, and we are putting measures in place to ensure it doesn’t happen again.”