- ShinyHunters is back to free data leaks, and this time the victim is WedMeGood.
- The data broker is currently sharing a 4.3 GB data pack containing a lot more than what was seen on dark web forums last October.
- There are signs of an extortion relationship between the seller and several Indian companies, but nothing has been confirmed yet.
ShinyHunters strikes again, and the company that’s called to carry the burden is yet another Indian entity, WedMeGood. This is a popular wedding planning platform that helps with all aspects of organizing the ceremonial event, like finding venues, makeup and mehndi artists, groom and bridal wear, photographers, etc.
The platform had a data breach back in October 2020, and as Cyble reported back then, someone uploaded 500MB of data that exposed 1.34 million users. More specifically, that pack included email addresses, password hashes, contact numbers, activity records, and more.
Now, ShinyHunters is giving it all away for free, and it is a whopping 4.3 GB pack. The notorious seller has lately been leaking several databases stolen from Indian sites last year, and underground rumors claim that it's because his extortion of these companies hasn’t yielded the desired results.
According to information that a pseudonymous source shared with us privately, ShinyHunters contracted someone else to extort all these Indian companies last year, but that initial attempt failed. Then, the seller took matters into their own hands and now re-extorts all companies with a full leak of the stolen data.
The same source told us that the dark web listings noticed last October were phony in the sense that they were only samples of the exfiltrated packs to help keep the blackmail fire burning. This is consistent with the difference in size that we see now, but we cannot confirm the validity of this tip for the time being.
Only ten days ago, the same seller leaked the ‘Big Basket’ data for free, and attempted to do the same with Upstox but retracted the shared data after the firm allegedly paid the requested amount. Again, none of this was ever confirmed, so it may well be entirely fabricated or false.
In the meantime, Vinny Troia, the CEO of Night Lion Security, has been able to link aliases to ShinyHunters, and he has proof that the sellers are just a rebranding of the hacker group known as “TheDarkOverlord.” The two entities have a history, as the hackers actively targeted Data Viper as an act of revenge against the researcher’s efforts to identify and expose them. This group was eventually linked with the MGM Resorts hack, which mobilized the law enforcement authorities and allegedly forced the actors to change their name. Night Lion has created a detailed infographic on the identities that link to ShinyHunters, so make sure to check it out.
So, back to WedMeGood: if you have used the platform to organize your wedding, you should immediately reset your password there and anywhere else where you may be using the same credentials. Be wary of phishing and scamming attempts made via email and also SMS, and generally prepare yourself for a spike in unsolicited communication that is meant to trick you.