“Shiny Hunters” Group Is Selling User Records From 11 Companies on the Dark Web

  • “Shiny Hunters” have put up a massive database of stolen user records for sale on the dark web.
  • The data isn’t worth a much but is not sold exclusively so that it can reach many malicious actors out there.
  • Most of the affected companies hadn’t disclosed anything about a security incident, so this case is revealing.

The hacking group known as “Shiny Hunters” has put up a massive database for sale on the dark web, consisting of 73.2 million user records belonging to eleven companies. This is the same group of threat actors that has published the “Tokopedia” dump at the beginning of the month, and those who claim to have stolen 500 GB from Microsoft’s private repositories on GitHub last week. Now, the group is selling the following data on the dark web, and the first samples that were analyzed seem to confirm their legitimacy.

Company User Records Price
Tokopedia 91 million $5,000
Homechef 8 million $2,500
Bhinneka 1.2 million $1,200
Minted 5 million $2,500
Styleshare 6 million $2,700
Ggumim 2 million $1,300
Mindful 2 million $1,300
StarTribune 1 million $1,100
ChatBooks 15 million $3,500
The Chronicle of Higher Education 3 million $1,500
Zoosk 30 million $500

The above bring surprise to the affected individuals, as the companies that suffered the breaches didn’t realize them, or chose not to inform their users about the incidents. The first firm to step forward was ChatBooks, a photo print services provider that saw 15 million of its records being sold for $3,500.

Source: Bleeping Computer

According to the company, the hacker who has managed to access its systems stole a portion of the user data stored there. It includes Facebook IDs, social media access tokens (no longer active), merchant tokens (no longer valid), and phone numbers. ChatBooks claims to have learned about this on May 5, 2020, and after investigating, they figured that the breach occurred on March 26, 2020. No credit card or payment information was stored in the systems, so nothing of this type has been stolen. Similarly, the users’ photos and personal data was kept safe from the infiltrators.

Source: Bleeping Computer

The group is selling the above to anyone who pays for it, meaning there are no limits as to how many can purchase the dump using Bitcoin or Monero. One more detail that concerns the ChatBooks dump is that passwords are present in the data, but they are hashed and salted. This doesn’t mean that they are absolutely secured, but it would require a lot of additional effort from the malicious actors to be able to crack some of them. Most of them won’t even bother, and users will have the time to reset their credentials on ChatBooks and anywhere else that they may be using the same passwords.

How to Watch Interior Design Masters Season 4 Online from Anywhere
Fans of this reality show, which offers ambitious designers a chance to demonstrate their abilities and pursue their dreams of becoming professional...
How to Watch Rock The Block Season 4 Online: Stream the Renovation Series from Anywhere
Rock the Block, the smash hit home remodeling contest series, is back for its most fantastic season ever! The new six-episode season...
How to Watch Spring Baking Championship Season 9 Online: Stream the Cooking Competition from Anywhere
There’s no better way to welcome spring with some freshly baked goods, and that’s precisely how we’ll usher in the good weather...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari