Cybercrime , Fraud Management & Cybercrime , Governance & Risk Management

Hacking Group Offers Another 27 Million Records for Sale: Report

Shiny Hunters Claim to Have Data From Four Additional Breaches
Hacking Group Offers Another 27 Million Records for Sale: Report

After offering three large databases of compromised user data for sale on the darknet last week, a hacking group known as Shiny Hunters now is trying to sell four additional databases of information apparently gathered from data breaches, according to security firm Cyble.

See Also: State of Brand Protection Report

The four additional databases, which collectively contain about 27 million records, appear to include information from breaches of online marketplace Minted; Korean fashion discovery platform StyleShare; Indonesian e-commerce company Bhinneka; and online mathematics problem-solving website Mathway, Cyble reports.

Although Cyble is still checking the data offered for sale, a preliminary investigation shows the data appears authentic, says Beenu Arora, Cyble’s CEO and founder.

In addition, Arora says that his firm now is in the early stages of investigating a fifth database offered for sale by Shiny Hunters on the darknet that the hackers claim contains 40 million records from photo-comparing app Wishbone. Cyble has not yet verified the authenticity of the data contained in this database.

It’s unclear if Shiny Hunters was involved in any of the breaches tied to the stolen data it’s trying to sell. "The actor seems to be a wholesaler and doesn’t appear to be the one responsible for hacking into the companies," Arora says.

Other Data for Sale

On Thursday, security firm ZeroFox discovered that Shiny Hunters was attempting to sell three other databases containing approximately 26 million records (see: Hackers Try to Sell 26 Million Breached Records: Report).

Those three databases, which are being offered for sale at prices ranging from $1,500 to $2,500, contained personally identifiable information, passwords and other user details that appear to come from data breaches at meal-kit delivery service Home-Chef; photo-printing firm ChatBooks; and The Chronicle of Higher Education, a news website, according to ZeroFox.

In a statement released this weekend, ChatBooks CEO Nate Quigley confirmed that his company sustained a breach on March 26 and that the records posted for sale by Shiny Hunters include ChatBooks’ customer records.

In addition to login credentials such as names, emails addresses, as well as salted and hashed passwords for customer accounts, the ChatBooks user records include phone numbers, Facebook IDs and inactive social media access and merchant tokens, the company says.

Breakdown of Data Sources

The Cyble report does not describe what user records are contained in the four new databases that the Shiny Hunters group is offering for sale this week, but the researchers note that prices range from $1,200 to $5,000 per database.

Cyble says the quantity of user records offered for sale, broken down by the breaches from which they apparently were obtained, are :

  • Mathway.com: 15 million;
  • Styleshare.co.kr: 6 million;
  • Minted.com: 5 million;
  • Bhineeka.com: 1.2 million.

Earlier, other security researchers and media reports have linked Shiny Hunters to the selling of data from other large breaches. This includes over 90 million records breached at Indonesian e-commerce company Tokopedia and 22 million user records from India-based online learning platform Unacademy.

Bleeping Computer also reports that Shiny Hunters claims to have stolen more than 500 GB of data from Microsoft's private GitHub repositories. A Microsoft spokesperson told ISMG that's it aware of the claim and is investigating.


About the Author

Ishita Chigilli Palli

Ishita Chigilli Palli

Senior Correspondent, Global News Desk

As senior correspondent for Information Security Media Group's global news desk, Ishita covers news worldwide. She previously worked at Thomson Reuters, where she specialized in reporting breaking news stories on a variety of topics.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.