The last few months have witnessed data breaches for more than a few internet users. The hacking group ShinyHunters is selling about 73.2 million user records that were stolen from numerous websites. The hackers are selling all for about USD 18,000, with each database sold separately.
Out of the entire stolen data, about 30 million user records are from dating app Zoosk while 15 million are from printing service Chatbooks. The remaining user records were from a variety of sites, namely, Star Tribune newspaper, furniture magazine- Site GGuMim, fashion and garments platform- SocialShare, online marketplace- Minted, food delivery service- Home Chef, health magazine- Mindful, and online newspaper- Chronicle of Higher Education.
The group of hackers, ShinyHunters, have shared samples from some of the stolen databases, which ZDNet has verified to be legitimate user records. But the authenticity of the listed databases cannot be verified at the moment. Yet, the sources (Cyble, Lion Security, Under the Breach, and ZeroFOX) in the threat intel community believe that ShinyHunters is a legitimate threat actor.
The speculation suggests that ShinyHunters is linked with Gnostic players, which is a hacker group that came into existence last year and made a record of selling more than one billion user credentials on dark web marketplaces.
ShinyHunters is also claimed to have stolen 500 GB from Microsoft’s private GitHub repositories and then broke into the Indonesian online store Tokopedia in May 2020. Although the GitHub breach did not contain any sensitive information, it kept Tokopedia’s database on sale for USD 5,000.