[BreachExchange] A hacker group is selling more than 73 million user records on the dark web

Destry Winant destry at riskbasedsecurity.com
Tue May 12 10:09:46 EDT 2020


https://www.zdnet.com/article/a-hacker-group-is-selling-more-than-73-million-user-records-on-the-dark-web/


A hacker group going by the name of ShinyHunters claims to have
breached ten companies and is currently selling their respective user
databases on a dark web marketplace for illegal products.

The hackers are the same group who breached Tokopedia, Indonesia's
largest online store, last week. Hackers initially leaked 15 million
user records online, for free, but later put the company's entire
database of 91 million user records on sale for $5,000.

Encouraged and emboldened by the profits from the Tokopedia sale, the
same group has, over the course of the current week, listed the
databases of 10 more companies.

This includes user databases allegedly stolen from organizations such as:

Online dating app Zoosk (30 million user records)
Printing service Chatbooks (15 million user records)
South Korean fashion platform SocialShare (6 million user records)
Food delivery service Home Chef (8 million user records)
Online marketplace Minted (5 million user records)
Online newspaper Chronicle of Higher Education (3 million user records)
South Korean furniture magazine GGuMim (2 million user records)
Health magazine Mindful (2 million user records)
Indonesian online store Bhinneka (1.2 million user records)
US newspaper StarTribune (1 million user records)

The listed databases total 73.2 million user records, which the
hacker is selling for around $18,000, with each database sold
separately.

The hacker group has shared samples from some of the stolen databases,
which ZDNet has verified to include legitimate user records -- for the
samples where user details were provided.

The authenticity of some of the listed databases cannot be verified at
the moment; however, sources in the threat intel community such as
Nightlion Security, Under the Breach, and ZeroFOX believe ShinyHunters
is a legitimate threat actor.

Some believe the ShinyHunters group has ties to Gnosticplayers, a
hacker group that was active last year and sold more than one
billion user credentials on dark web marketplaces, as it operates on a
nearly identical pattern.

ZDNet has also been gradually contacting victim organizations all
week, as the hacker has been putting their databases online for sale.

At the time of writing, only Chatbooks has returned our email, with
the company formally announcing a security breach on its website.

