A hacker allegedly breached ten companies. The attacker sold his acquired 73 million user records on the dark web.
A security breach success story surfaced online and caught the attention of security researchers recently. The news also alerted a long list of a number of users now suspecting for the safety of their sensitive data.
A hacker group dubbed ShinyHunters flooded the internet security reports as they allegedly stole users’ records. Reports revealed that the hacker group is selling all its stolen data on the dark web.
ShinyHunters allegedly collected almost 73.2 million users’ data records. The hackers illegally acquired a huge amount of data from various trusted websites.
Hacker team attacks multiple companies
The list of the websites ShinyHunters intruded includes Zoosk, an online dating app where they stole 30 million user records. They acquired 15 million user records from Chatbooks, printing service, and six million records from Social Share, a South Korean fashion platform.
Eight million user data came from a food delivery service called Home Chef, while five million of them came from Minted, an online marketplace. Chronicle of Higher Education, an online newspaper did not escape the breaching with three million users’ data hacked.
The South Korean furniture magazine GGumim had no idea that they were stolen two million user records. Mindful, a health magazine on the other hand also sacrificed two million of its records unknowingly.
Bhinneka, an Indonesian online store had more than a million of its user records intruded. While Star Tribune, a US newspaper has the least yet still a huge amount of breached data at one million.
Reports claimed that ShinyHunters is also the team behind the hacking incident that created noise online last week. Attackers allegedly leaked user records from Tokopedia, Indonesia’s largest online store.
The hackers initially leaked the stolen data online for free. However, they later offered Tokopedia’s database for $5000. The company’s database contained up to 90 million user records.
Hacker stolen data proved authentic
Authorities still have not verified the authenticity of the reported hacked database and user records. However, researchers verified that some of the details on the stolen database were legitimate records from real users.
By the way, ShinyHunters operated, members of the threat intel community believe that the hacker team has associations with Gnosticplayers. The latter sold more than a billion of their stolen user data on the dark web last year.
Among the ten hacked companies, only Chatbooks admitted and acknowledged the security breach. The printing service company even posted an announcement on its official website warning its customers of the hacker attack.
Image courtesy of Richard Patterson/Flickr