Shiny Hunters list 73.2 million user records on the dark web

Group reportedly has ties to hacking group Gnosticplayers

Members of the Shiny Hunters hacking group have allegedly compromised 73.2 million user records from over 11 companies worldwide.

These hackers appear to be a part of the same group behind the recent Tokopedia data breach that exposed 91 million user records and listed them for sale at $5,000. 

Emboldened by the profits from the Tokopedia sale, the Shiny Hunters group is now listing the databases of 10 more companies for sale on the dark web.

The 10 databases hold a total of 73.2 million user records. The hacking group has the databases listed for sale at a combined $18,000, though Shiny Hunters is willing to sell them separately for $500-$3,500 each.

The databases include:

  • Zoosk (30 million user records, priced at $500)
  • Chatbooks (15 million user records, priced at $3,500)
  • StyleShare (6 million user records, priced at $2,700)
  • Home Chef (8 million user records, priced at $2,500)
  • Minted (5 million user records, priced at $2,500)
  • Chronicle of Higher Education (3 million user records, priced at $1,500)
  • GGuMim (2 million user records, priced at $1,300)
  • Mindful (2 million user records, priced at $1,300)
  • Bhinneka (1.2 million user records, priced at $1,200)
  • StarTribune (1 million user records, priced at $1,100)

While the authenticity of some of the databases haven’t been verified, sources in the threat intel community believe Shiny Hunters is a legitimate threat actor. Many also believe the group may have ties to Gnosticplayers, which has sold more than 1 billion user credentials on dark web marketplaces and operated in a nearly identical pattern as Shiny Hunters.

Those impacted by Shiny Hunters’ exploits have begun to come forward. Chatbooks recently confirmed the breach on its website, sharing that no financial data was exposed during Shiny Hunters’ exploits, but the stolen information included login information, including names, email addresses and password information. 

There have been several reports of hackers selling stolen information on the dark web in the last few weeks. Security experts from Cyble recently found hackers selling upward of 267 million Facebook records for a paltry $623.

Cyble claims that these records contained information that would allow attackers to perform spear-phishing campaigns to steal user credentials.

Featured Resources

Digital document processes in 2020: A spotlight on Western Europe

The shift from best practice to business necessity

Download now

Four security considerations for cloud migration

The good, the bad, and the ugly of cloud computing

Download now

VR leads the way in manufacturing

How VR is digitally transforming our world

Download now

Deeper than digital

Top-performing modern enterprises show why more perfect software is fundamental to success

Download now

Recommended

What is hacktivism?
hacking

What is hacktivism?

13 Oct 2020
Microsoft: Iranian hackers are exploiting ZeroLogon flaw
Security

Microsoft: Iranian hackers are exploiting ZeroLogon flaw

6 Oct 2020
The Ritz suffers data breach after hackers pose as staff
data breaches

The Ritz suffers data breach after hackers pose as staff

17 Aug 2020
Russia hacked Liam Fox's personal email to steal trade documents
phishing

Russia hacked Liam Fox's personal email to steal trade documents

4 Aug 2020

Most Popular

The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

5 Oct 2020
iPhone 12 lineup official with A14 Bionic chip and 5G support
Mobile Phones

iPhone 12 lineup official with A14 Bionic chip and 5G support

13 Oct 2020
Google blocked record-breaking 2.5Tbps DDoS attack in 2017
Security

Google blocked record-breaking 2.5Tbps DDoS attack in 2017

19 Oct 2020