Members of the “Shiny Hunters” hacking group are flooding the dark web with leaked databases for sale. The hacking group is alleged of compromising 73.2 million user records from over 11 companies, BleepingComputer reported. The hackers are from the same group who are behind the Tokopedia data breach, in which 91 million user records were compromised and kept on sale on the hacking forums for $5,000. Later, the group breached India-based online learning platform Unacademy, which exposed details of 22 million users and kept the records for sale on the darknet forums for $2,000.
Security researchers from cybersecurity firm Cyble confirmed that Shiny Hunters is selling data from 11 different companies, including the food delivery company HomeChef, the photo print service ChatBooks, and Chronicle.com. Recently, ChatBooks confirmed that Shiny Hunters advertised its user records on a dark web market on May 3, 2020, asking $2,000 for 15 million user records.
Cyble stated that the hackers are allegedly selling stolen databases from various organizations including:
|
Company
|
User Records |
Price |
|
Tokopedia |
91 million | $5,000 |
|
Homechef |
8 million |
$2,500 |
|
Bhinneka |
1.2 million | $1,200 |
| Minted | 5 million |
$2,500 |
|
Styleshare |
6 million |
$2,700 |
|
Ggumim |
2 million | $1,300 |
|
Mindful |
2 million |
$1,300 |
| StarTribune | 1 million |
$1,100 |
|
ChatBooks |
15 million | $3,500 |
| The Chronicle of Higher Education | 3 million |
$1,500 |
| Zoosk | 30 million |
$500 |
Several incidents have been reported in recent times on hackers selling stolen information on the darknet markets. Security experts from Cyble found hackers selling over 267 million Facebook records for £500 (US$623) on dark websites and hacker forums. Cyble claimed that the records contain information that could allow attackers to perform spear phishing or SMS attacks to steal credentials.
The exposed information includes email addresses, first and last names, last connection, status, age, phone numbers, Facebook IDs, dates of birth, age, and other personal data. Facebook clarified that none of the records include passwords. However, the information is enough for hackers to launch phishing campaigns and other online frauds, experts stated.
