Darknet market Versus shuts down after data security incident
One of the most popular English-speaking criminal darknet markets, the Versus Market, shuts down after discovering a severe exploit that could have allowed access to its database and exposed the IP address of its servers.
When conducting criminal activities online, dark web marketplaces must keep their physical assets hidden; otherwise, their operators risk identification and arrest.
The same applies to the users and vendors, who need to remain anonymous while using these illegal platforms. Anything that undermines trust to protect their info renders the platform extremely risky.
Apparently, after finding these vulnerabilities, the operators of Versus have decided to pull the plug themselves, finding it too risky to continue.
A personnel member who is among the main operators of Versus posted the following PGP-signed message:
There is no doubt that there has been a lot of concern and uncertainty regarding Versus in the last few days. Most of you that have come to know us have rightfully assumed that our silence has been spent working behind the scenes to evaluate the reality of the proposed vulnerability.
After an in-depth assessment, we did identify a vulnerability which allowed read-only access to a 6+ month old copy of the database as well as a potential IP leak of a single server we used for less than 30 days.
We take any and every vulnerability extremely seriously but we do think that its important to contend a number of the claims that were made about us. Specifically of importance: there was no server pwn and users/vendors have nothing to worry about as long as standard and basic opsec practices have been utilized (for example, PGP encryption)
Once we identified the vulnerability, we were posed with a fork in the road, to rebuild and come back stronger (as we had done before) or to gracefully retire. After much consideration, we have decided on the latter. We built Versus from scratch and ran for 3 years.
St. Louis-based Washington University School of Medicine also notified patients that a data breach had exposed some of their personal information.