Gnosticplayers
GnosticPlayers is a computer hacking group described in the provided content as having formed in 2019 and becoming notable for breaches of multiple online services, including Zynga and Canva. The group is reported to have claimed responsibility for stealing hundreds of millions of credentials from online businesses, including MyFitnessPal and Dubsmash, and selling the stolen data on dark web markets.
The content also states that a hacker using the alias Gnosticplayers claimed responsibility for breaching Zynga, including Words With Friends, and accessing data affecting more than 218 million users; the claimed data included names, email addresses, login IDs, salted SHA1 password hashes, password reset tokens, phone numbers, Facebook IDs, and Zynga account IDs, and also allegedly included data from Draw Something and OMGPOP, with cleartext passwords for more than 7 million users.
The content further states that Gnosticplayers had previously been linked to the sale of nearly a billion user records stolen from about 45 online services, including multiple rounds of sales on Dream Market in 2019. Additional reporting cited in the content says GnosticPlayers took public responsibility for breaches affecting services including 500px, 8fit, 8tracks, Animoto, Armor Games, Artsy, Avito, BlankMediaGames, Bookmate, Bukalapak, Chegg, CoffeeMeetsBagel, Coinmama, Epic Games, and Evite.
A 2020 report cited in the content identified alleged core members and aliases including Maxime Thalet-Fischer (DDB, Casper, RawData, Pumpkin), described as the seller for the group, and Nassim Benhaddou (Prosox), who was described as a member and later said to have formed ShinyHunters. The content also states that Nassim Benhaddou, Gabriel Kimiaie Asadi Bildstein, and Maxime Thalet-Fischer were arrested in 2019 after Gabriel confessed to hacking GateHub, which reportedly involved theft of $9.5 million in cryptocurrency.
The content additionally notes that some individuals named in later BreachForums-related reporting had previously been connected to cybercrime groups including GnosticPlayers, and that leaked BreachForums data reportedly included records associated with groups such as GnosticPlayers.
Targeting
Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.
Who they target
Sectors the actor has been observed targeting.
- Software & Services
- Consumer Services
Where they're from
Attributed origin per open-source reporting.
- PK
Tradecraft
4 distinct techniques observed across reporting, grouped by tactic.
Recent activity
6 sources tracked across advisories, community write-ups, and news.
- Referenced as a well-known cybercrime group whose associated actors may be exposed in the leaked BreachForums user database; no specific operations, tooling, or TTPs are described in this content.
- Referenced as a cybercrime group that some BreachForums users were previously associated with; no specific operation or campaign details provided in the content.
- Referenced as a cybercriminal group that some individuals named in the ‘James’ message were allegedly connected to; no additional operational detail provided in the content.
- Mentioned only as a named group in a related-post title about arrests/charges; no additional activity details are present in the provided content.