Shiny Hunters hackers published user data from 18 companies for free

The Shiny Hunters hacker group has been quite active in recent months. For example, it claimed responsibility for compromising Microsoft’s GitHub repositories, and also hacked Tokopedia (Indonesia’s largest online store) and sold data from more than a dozen other companies. Now Shiny Hunters hackers have published user data of 18 companies for free.

Also among the recent “merits” of this hack group can be noted the publication of data on 7.5 million users of the financial and technical “unicorn”, the Dave company.

This week the journalists of Bleeping Computer noticed that Shiny Hunters are not going to be satisfied with what has already been achieved, and continue to actively (and completely free of charge) leak data.

“So, since July 21, 2020, the group has published in the public domain information about 386 million users of 18 different companies, which were allegedly stolen as a result of hacks”, – say journalists of Bleeping Computer.

Fortunately, password leaks did not occur in all cases.

Bleeping Computer notes that usually stolen databases are first sold to other attackers, privately, and their cost can range from $500 (Zoosk) to $100,000 (Wattpad). Only after the stolen data is no longer profitable, cybercriminals publish it for free on hacker forums in order to boost their reputation.

Of the eighteen databases released by hackers over the past week and a half, nine have already surfaced in the past. The other nine databases were new, including those stolen from Havenly, Indaba Music, Ivoy, Proctoru, Rewards1, Scentbird and Vakinha. Below is the data on all dumps “leaked” by cybercriminals.

The journalists contacted the hackers and asked what was the reason for the sudden free publication of such amount of data. They replied that many can benefit from these databases, and this was done for the common good.

“I just thought I’d made enough money at the moment, so I arranged a dump for the public good. Of course, now some people are upset because a few days ago they paid resellers [for the same information], but I don’t care”, — said a Shiny Hunters spokesman.

Bleeping Computer specialists tried to contact each of the allegedly affected companies, whose data were published by ShinyHunters, but the publication did not receive a response from any of them. Journalists note that the lack of answers in such a situation is a common case, because companies, as a rule, confirm the fact of a data leak only a few weeks or months after the first information about the incident appears.

Users of the above mentioned companies are advised to change their passwords just in case.