Hacker group “ShinyHunters” strikes twice within a week

The notorious group is selling a database of over 73 million users records on the dark web marketplace



Itwas only last week that the notorious hacker group the “ShinyHunters” targeted Tokopedida — Indonesia’s largest online store, by leaking the bounty of 91 million user accounts that it reportedly obtained in an intrusion that took place in March 2020. Hackers initially put up the partial database of 15 million users accounts for free on the dark web marketplace for illegal products, eventually showcasing the entire database of 91 million accounts for only $5,000.
They have now topped off this hack with the claim of having breached a further 10 companies during the course of last week and made away with more than 73 million user accounts. Collectively, the complete database of 73.2 million accounts is being sold for $18,100 with each individual database having a separate price tag as given below.
  • Online Store Tokopedia (91 million user accounts) — $5,000
  • Online dating app Zoosk (30 million) — $2,500
  • Printing service Chatbooks (15 million) — $1,200
  • South Korean fashion platform SocialShare (6 million) — $2,500
  • Food delivery service Home Chef (8 million) — $2,700
  • Online marketplace Minted (5 million) — $1,300
  • Online newspaper Chronicle of Higher Education (3 million) — $1,300
  • South Korean furniture magazine GGuMim (2 million) — $1,100
  • Health magazine Mindful (2 million) — $3,500
  • Indonesia online store Bhinneka (1.2 million) — $1,500
  • US newspaper StarTribune (1 million) — $500


ZDNet has verified to include legitimate user records as samples of the stolen database were shared by the group. While the authenticity of some of the listed databases cannot be verified currently, most of the listed companies consider the Shinyhunters as a legitimate threat actor.
Of all the victim organizations contacted by ZDNet for comment, only Chatbooks has formally announced a security breach on its website. Last Wednesday, ShinyHunters also claimed to have hacked into Microsoft’s GitHub account earlier this year and leaking files from the company’s private source code repositories.
ShinyHunters is believed by some to have ties with Gnosticplayers — a hacker group that sold more than one billion user credentials on dark web marketplaces last year. Both groups seem to be working on an identical pattern.
In the meanwhile, if you are a user of any of the sites listed above, it would be prudent to change the password to avoid any further damage. A few thousand dollars for millions of user accounts — that’s the cost privacy these days!

Post a Comment

0 Comments