After profiting from the sale of the Tokopedia data, the hacking group has been encouraged to breach other companies.
This time, they decided to hack into the databases of 10 companies within a week. The hackers listed the databases of these companies on the darknet, including databases stolen from the following organizations:
- 1 million user records from US newspaper StarTribune.
- 2 million user records from Indonesian online store Bhinneka.
- 2 million records from health magazine Mindful.
- 2 million from South Korean furniture magazine GGuMim.
- 3 million user records from online newspaper Chronicle of Higher Education.
- 5 million user records from online marketplace Minted.
- 8 million from food delivery service Home Chef.
- 6 million records from South Korean fashion platform SocialShare.
- 15 million from printing service Chatbooks.
- 15 million user records from online dating app Zoosk.
According to the list, the stolen databases total 73.2 million records, and the hacking group is selling the entire set for around $18,000, in separate deals for each database.
Samples of leaked data shared online
As proof that the breach actually occurred and data was stolen, the group has shared samples, which included legitimate records from some of the listed companies, as verified by ZDNet security researchers.
However, the genuineness of some other listed databases has not been verified.
Still, popular threat intelligence firms like ZeroFox, Under the Breach, Nightlion Security, and Cyble agreed that the ShinyHunters hacker group is a credible threat actor.
The group could be part of a larger syndicate
This is not the first hacking incident from the hacker group, which infiltrated the network of Tokopedia, Indonesia’s largest online store, not too long ago.
Although the news only broke last week, the hacking group claimed it obtained the Tokopedia data in a hacking incident that took place in March 2020.
The hackers breached Tokopedia and released 15 million user records for free, and later offered the firm’s entire database of 91 million records for sale at $5,000.
The group also claimed it stole 500 GB of data from Microsoft’s private GitHub repositories after compromising Tokopedia.
The Tokopedia leak was more severe than the GitHub breach, which didn’t include any sensitive data.
Many believe the hacking group is part of a larger campaign, with other hacking subsidiaries carrying out their own separate attacks.
Hacker group may have a connection with Gnosticplayers
Some security research companies believe that ShinyHunters may have a strong connection with another hacker group known as Gnosticplayers.
Since it was discovered last year, Gnosticplayers has already sold more than 1 billion user credentials on the darknet. Some believe that, because the two groups have similar operational methods and operate in almost identical patterns, they have strong ties.
Some victim organizations have been contacted to verify the authenticity of the breach. At press time, only Chatbooks has confirmed the breach by formally notifying the public that its servers were compromised.
Just like other common online breaches, this one seems to be a cash grab, but the speed and scale are what is most surprising to many people.