- “Shiny Hunters” have put up a massive database of stolen user records for sale on the dark web.
- The data isn’t worth much, but it is not sold exclusively, so it can reach many malicious actors out there.
- Most of the affected companies hadn’t disclosed anything about a security incident, so this case is revealing.
The hacking group known as “Shiny Hunters” has put up a massive database for sale on the dark web, consisting of 73.2 million user records belonging to eleven companies. This is the same group of threat actors that published the “Tokopedia” dump at the beginning of the month and that claimed last week to have stolen 500 GB from Microsoft’s private repositories on GitHub. Now, the group is selling the following data on the dark web, and the first samples that were analyzed seem to confirm the data’s legitimacy.
| Company | User records | Price |
|---|---|---|
| The Chronicle of Higher Education | 3 million | $1,500 |
The listing comes as a surprise to the affected individuals, as the companies that suffered the breaches either didn’t notice them or chose not to inform their users about the incidents. The first firm to step forward was ChatBooks, a photo print services provider that saw 15 million of its records being sold for $3,500.
According to the company, the hacker who managed to access its systems stole a portion of the user data stored there. It includes Facebook IDs, social media access tokens (no longer active), merchant tokens (no longer valid), and phone numbers. ChatBooks claims to have learned about this on May 5, 2020, and after investigating, it determined that the breach occurred on March 26, 2020. No credit card or payment information was stored in the systems, so nothing of this type has been stolen. Similarly, the users’ photos and personal data were kept safe from the infiltrators.
The group is selling the above to anyone who pays for it, meaning there is no limit on how many buyers can purchase the dump using Bitcoin or Monero. One more detail that concerns the ChatBooks dump is that passwords are present in the data, but they are hashed and salted. This doesn’t mean that they are absolutely secure, but it would require a lot of additional effort from the malicious actors to crack some of them. Most of them won’t even bother, and users will have time to reset their credentials on ChatBooks and anywhere else they may be using the same passwords.