A group of hackers known as ShinyHunters is reported to have stolen data from about ten organizations and placed the databases for sale on the dark web. The data dump is said to include 73 million stolen user records, which have a price tag of $18,000.
Databases on Sale in the Dark Web
In the latest developments that have affected 10 companies, cybersecurity pundits have acknowledged the legitimacy of the stolen data. It is said that the hacking group accessed the sensitive data by employing phishing campaigns against workers of the target organizations– an aspect that granted the cybercriminals express access to internal computer systems.
An excess of 30 million compromised user records are reported to have been obtained from the online dating app Zoosk, while the printing service provider Chatbooks is said to have been relieved of about 15 million records by the ShinyHunters’ cyber-attacks.
It is alleged that the rest of the remaining stolen user data was obtained from a host of sources, including 1 million records drawn from the online news site StarTribune, about 6 million records from the South Korean fashion outfit SocialShare.
In addition, about 2 million user records were stolen from the South Korean furniture magazine GGuMim while 3 million records belonging to the online news site Chronicle of Higher Education was put up for sale on the dark web.
Further, ShinyHunters is alleged to have stolen and advertised records belonging to 8 million users of the food delivery business Home Chef, the health publication Mindful had 2 million of its user records compromised while 1.2 million user records from the Indonesian online platform Bhinneka were stolen.
Another organization that found itself in the range of ShinyHunters’ data breach spree was the online platform called Minted, where 5 million user accounts were involved.
Finally, the hacking group has also claimed that it has stolen data worth 500GB of private GitHub repositories from Microsoft. The group emerged with a 1 GB sample of the alleged data dump in an effort to prove the legitimacy of their loot. However, experts researched the matter and concluded that the data obtained by the group was not valuable after all.
ShinyHunters – The Hacking Group on a Rampage
As expected, ShinyHunters is trading the stolen data in exchange for Bitcoin. The fact that the hacking group has continued to appear in the news under similar circumstances goes to highlight the fact that the group has become a notorious outfit that uses sophisticated methods to breach computer systems.
A host of experts have intimated their belief that ShinyHunters is well connected to the Gnosticplayers hacking group, a team of cybercriminals that were alleged to have sold more than 1 billion user records on the dark web.
ShinyHunters is still the same group of cybercriminals that was accused for a cyber-attack which targeted the largest online market in Indonesia, called Tokopedia.
In the May 1 case, the group brought attention to itself after exposing a sample of 15 million user data belonging to Tokopedia customers. Thereafter, ShinyHunters began selling the alleged full data dump, which included stolen records for 91 million Tokopedia accounts, on the dark web’s Empire Market.
Tokopedia confirmed the data breach but maintained that the platform had installed proper measures to protect its.
In addition, the group of hackers went ahead to sell an additional data dump of 22 million user accounts drawn from Unacademy, India’s top e-learning website.
In both the Tokopedia and Unacademy cases, the data dumps contained passwords, even though they had been hashed for maximum security. The theft of information such as usernames, email addresses, full names, account creation dates, last login, cellphone numbers and dates of birth was unique to the Tokopedia data breach.
