Hacker Group Offers Private Data Of Over 73 Million Users For Sale On Dark Web
A hacker group called ShinyHunters claims to have breached the databases of ten companies operating around the world, and stolen user data on millions of people. Currently, the databases for the ten companies are being offered for sale on the dark web with a total of 73.2 million user records. The same group of hackers breached an Indonesian online store called Tokopedia last week selling the entire database of 91 million user records for $5,000 on the dark web.
In the latest hacks, the largest company that has allegedly had its database stolen is online dating service Zoosk, with the hackers allegedly obtaining 30 million user records. The complete list of businesses that have allegedly had their databases stolen includes:
- Zoosk - 30 million user records
- Chatbooks - 15 million user records
- SocialShare - 6 million user records
- Home Chef - 8 million user records
- Minted - 5 million user records
- Chronicle of Higher Education - 3 million user records
- GGuMim - 2 million user records
- Mindful - 2 million user records
- Bhinneka - 1.2 million user records
- StarTribune - 1 million user records
Each compromised database is being sold individually with ShinyHunters standing to make about $18,000 if all user records are sold. The hackers did share samples from some of the stolen databases that appear to be legitimate, according to reports. However, some of the listed databases haven't been independently verified.
ShinyHunters is a legitimate threat actor according to some in the security community. The group may have ties to another hacker group called Gnosticplayers, which was active last year and sold over a billion user credentials on the dark web. The two hacker groups are said to operate with nearly identical patterns.
ZDNet says that it contacted the victim organizations, and so far, only Chatbooks has confirmed a security breach. These ten companies certainly aren't alone in having their databases stolen. Zoom was the target of hackers last month with 500,000 compromised accounts turning up online.