Compromised data belonging to ten companies is on sale on the dark web by a hacking group called ShinyHunters. The 73 million stolen user records is being sold for $18,000. The same group was also responsible for hacking the Indonesian online store Tokopedia, the largest online store in the country. The hackers released 15 million records for free and demanded $5,000 for the remaining 91 million user records.
Companies with databases on sale in the dark web
About 30 million of the hacked records came from the online dating app Zoosk, while 15 million records are from the printing service Chatbooks. The rest of the stolen data is from various sources such as the online newspaper StarTribune with 1 million records, the South Korean fashion platform SocialShare with 6 million, and South Korean furniture magazine GGuMim with 2 million. The online newspaper Chronicle of Higher Education also has 3 million records listed for sale.
Other records stolen by the hacking group include the food delivery service Home Chef (8 million), the health magazine Mindful (2 million), Indonesia online store Bhinneka (1.2 million), and the Online marketplace Minted (5 million). In total, ShinyHunters is selling 73.2 million user records for $18,000 on the dark web.
The hacking group also claims to have stolen over 500GB of private GitHub repositories from Microsoft. Analysts, however, say the information taken from Microsoft was not critical because it included only code samples, test projects, eBooks, and other general digital materials unlikely to hurt the Redmond-based company.
Profile of the ShinyHunters hacking group
Various cybersecurity firms such as ZeroFox and Under the Breach believe both the hacking group and the stolen user data are legitimate. Security analysts also believe the hackers have ties with another hacking group Gnosticplayers, which sold more than 1 billion records on the dark web marketplace.
The hacking group obtained the information by conducting phishing campaigns on the companies’ employees, thus securing access to their computer systems. ShinyHunters accepts payment on the dark web through Bitcoin.
The frequent sale of data on the dark web by the hacking group indicates it has gained notoriety in breaching computer systems by applying sophisticated methods.
Several companies confirm the breach
Several companies confirmed the compromise of their data by the ShinyHunters hacking group. Chatbooks acknowledged the breach and advised its customers to change their passwords as a precaution. The firm said it was working with cybersecurity forensics to assess the extent of the breach. The book printing service also confirmed that only personal information such as names, email addresses, and hashed passwords was stolen. No payment information was leaked on the dark web because it does not store credit card information on its systems. The company also said the hacking group did not steal photos stored on its servers.
The Chronicle of Higher Education also confirmed its knowledge of its databases being sold on the dark web by an authorized hacking group. Other companies did not respond to whether they were aware of the breach.
James McQuiggan, Security Awareness Advocate, KnowBe4 says criminals steal information because it has value on the dark market.
“Criminal hacking groups are all about getting the most money for the records they steal or collect from various data breaches to organizations. Whether they get a thousand records or a million records, they have some potential value on the dark web.”
He added that although sensitive information such as payment information may be lacking from the leaked details, they can reverse engineer the passwords to build a database for credential stuffing. He also said despite the inevitability of such attacks, organizations could protect themselves by involving cybersecurity experts in all the stages of software development.
“These breaches are avoidable, as organizations can establish a robust security culture to get cybersecurity in the early stages of development, implementation, and monitoring consistently.”
McQuiggan advised users to be more vigilant to avoid falling victims of online attacks.
“End users will want to continue vigilance when it comes to spear-phishing or targeted emails about their accounts. By sharing their password or some other sensitive information from the breach, a criminal’s email will entice them to open attachments or click on links related to these attacks and thus compromise their systems further.”
Balbix CTO, Vinay Sridhara, pointed out the vulnerability of organizations and users to similar attacks.
“The ShinyHunters breach shows how critical it is for cybersecurity teams to move as quickly as the malicious actors targeting them. The sheer number and diversity of the organizations breached shows that many enterprises lack the level of cyber hygiene needed to protect sensitive user data. Well known best practices such as database encryption, multifactor authentication and password managers, and timely patching of critical assets could help organizations avoid the majority of these breaches. It’s also worth noting the domino effect of these breaches: with millions of user records on the dark web, it’s easy for hackers to decipher login credentials. And considering that 99% of people reuse passwords across an average of 2.7 work and personal accounts, the ShinyHunters collection could compromise many millions of enterprise accounts, in addition to the accounts already compromised directly in this breach.”