Shiny Hunters hacker group claims to have hacked 10 companies and currently sells data stolen from them on the darknet.Shiny Hunters is a group that took responsibility last week for hacking Microsoft’s GitHub repositories.
“Hackers claim that they managed to steal 500 GB of data from software giant repositories and at first was going to sell them, but then changed their minds and decided to dump some of the information into the network for free”, – told Bleeping Computer reporters.
Additionally, this group recently hacked Tokopedia – Indonesia’s largest online store.
So, initially, hackers leaked the data of 15,000,000 Tokopedia users for free, and later put up for sale the entire database of the company containing 91,000,000 million records, assessing their value in $5,000.
Apparently, the profit from the sale of Tokopedia data inspired the hackers, as now the group put up another 10 companies for sale of stolen databases. Among them:
- Zoosk dating app (30 million entries);
- Chatbooks print service (15 million entries; the company officially confirmed the compromise);
- South Korean fashion platform SocialShare (6 million entries);
- Home Chef food delivery service (8 million records);
- Minted online store (5 million entries);
- Chronicle of Higher Education online newspaper (3 million entries);
- South Korean furniture magazine GGuMim (2 million entries);
- Mindful Medical Journal (2 million entries);
- Indonesian online store Bhinneka (1.2 million entries);
- American newspaper StarTribune (1 million entries).
Overall listed databases accounted 73.2 million records, price of which hackers estimated at about $18,000, and each database could be sold separately. Attackers shared the “samples” of some databases with potential buyers, and ZDNet reporters made sure that hackers were selling very real user data.
“At the same time, the authenticity of some databases cannot yet be verified, although many representatives of the information security community, including Nightlion Security, Under the Breach, and ZeroFOX, believe that Shiny Hunters are not joking and they are a very dangerous hack group”, – they write in ZDNet.
Some also believe that Shiny Hunters might be associated with Gnosticplayers, another hacker group that works in a similar manner, was very active last year and sold over a billion credentials on the darknet.
Let me remind you that their cybercrime, colleagues Doppel Paymer operators, published in the public domain Boeing, Lockheed Martin, SpaceX and Tesla documents.