Hackers Try to Sell 26 Million Breached Records: ReportData Apparently Obtained From Three Breaches, ZeroFox Reports
Hackers are attempting to sell a fresh trove of approximately 26 million user records apparently obtained from three data breaches, according to researchers at the security firm ZeroFox.
The data, which includes personally identifiable information, passwords and other user details, apparently comes from data breaches at meal-kit delivery service Home-Chef; photo-printing firm ChatBooks; and The Chronicle of Higher Education, a news website, according to ZeroFox researchers who reviewed the data on a darknet marketplace.
The researchers say they have "high confidence" that the records are legitimate. The records are packaged in three databases with prices ranging from $1,500 to $2,500 each, according to the report.
A hacking group calling itself Shiny Hunters is brokering the sale of these databases, although it's not clear if this group is behind the actual breaches at these three companies, the report notes. The Shiny Hunter group has been tied to a recent breach of 15 million records from Tokopedia, a large Indonesia ecommerce firm, according to ZeroFox.
Bleeping Computer reports that Shiny Hunters hackers claim to have stolen more than 500 GB of data from Microsoft's private GitHub repositories.
A Microsoft spokesperson told Information Security Media Group Friday that's it aware of the claim and is investigating.
Databases for Sale
In one database that the ZeroFox researchers found for sale on the darknet for $2,500, hackers were selling approximately 8 million records portrayed as coming from HomeChef. This includes an entry that contains the last four digits of users' Social Security numbers.
In addition, the database contains personally identifiable information such as phone numbers, ZIP codes, emails, IP addresses as well as passwords that are hashed using the Bycrypt algorithm. A sample of the records was posted on a dark net website by Shiny Hunters with the title "First Stage: Homechef [8M]," according to the ZeroFox report.
A second database contained 15 million rows of records portrayed as coming from the Chatbooks breach, according to the report. This data set includes email addresses, social media access tokens, passwords hashed with the SHA-512 function as well as other personally identifiable information. The asking price for this database was also $2,500, the researchers note.
The hacker group also is trying to sell 3 million records it says were from The Chronicle of Higher Education breach, but it did not post a sample or mention the type of the information that is available, according to the ZeroFox report. The researchers say that database is priced at $1,500.