One of the largest trading posts on the Dark Web , AlphaBay , has rewarded a researcher for disclosing Vulnerability-related.DiscoverVulnerability the existence of a vulnerability which allowed him to steal Attack.Databreach over 200,000 private messages exchanged between users and sellers . Earlier this week , the hacker , known only as Cipher0007 , disclosed Vulnerability-related.DiscoverVulnerability the existence of two `` high-risk '' bugs through Reddit . In a forum post , the hacker said Vulnerability-related.DiscoverVulnerability the two security flaws could be exploited Vulnerability-related.DiscoverVulnerability to snatch private messages . Cipher0007 was able to compromise Attack.Databreach AlphaBay and steal Attack.Databreach the first and last names of buyers and sellers , nicknames , addresses , and the tracking IDs of packages sent by traders when included in the messages and not protected by PGP keys . The hacker also issued a number of screenshots of private messages as proof , which revealed the messages were not encrypted by default . After disclosing Vulnerability-related.DiscoverVulnerability the vulnerabilities on Reddit , Cipher0007 opened a number of support tickets on AlphaBay , warning Vulnerability-related.DiscoverVulnerability the Dark Web trading post of the potentially devastating bugs which could compromise the privacy and identities of users . In a statement on PasteBin , AlphaBay confirmed Vulnerability-related.DiscoverVulnerability the validity of the vulnerabilities and said Vulnerability-related.DiscoverVulnerability the bugs allowed the hacker to slurp Attack.Databreach a total of 218,000 messages which were not older than 30 days . Older messages are automatically purged from the system . The attacker was paid for disclosing the flaws rather than selling them on or releasing the stolen information to the public . In return , Cipher0007 revealed his methods and several hours later AlphaBay developers were able to close the loopholes Vulnerability-related.PatchVulnerability . As Dark Web marketplaces must provide strong assurances that users will remain anonymous due to the nature of goods sold there , often illegally , these kinds of vulnerabilities have the potential to destroy such businesses . Alternatively , these security flaws would be of interest to law enforcement agencies attempting to close down such operations -- and may have been known Vulnerability-related.DiscoverVulnerability to them before the hacker discovered Vulnerability-related.DiscoverVulnerability the bugs . Unless users indulging in risky , illegal trading take responsibility for their own privacy by using PGP keys and personal encryption , they can not cry foul if their personal information is leaked Attack.Databreach