The hacking group ShinyHunters is selling around 73.2 million user records that the attackers say have been stolen from numerous sites, through a series of recent violations. A good chunk of the finished data for sale online, around 30 million, comes from the Zoosk dating app, while 15 million were stolen from the press service Chatbooks. There are several sites involved in the data breach, including newspapers, fashion and furniture sites and more.
Although it was not possible to verify the legitimacy of some databases, the sources that reported the news claim that the samples offered by cybercriminals correspond to real records, and some researchers experienced in the field of security believe that the records on sale by ShinyHunters are authentic. The sale of 73.2 million records of users, also brought to light by ZDNet, seems to be part of a wider campaign.
The group claimed to have stolen 500 GB from Microsoft's private GitHub repositories and violated the security links of the Indonesian Tokopedia online store in early May. The GitHub violation did not include any known sensitive materials, but ShinyHunters put Tokopedia's database up for sale for $ 5,000,000. As with many violations, the goal seems to be making money, but the speed with which the group manages to operate is surprising.
In the latest attack claimed several online services were involved: the online dating app Zoosk (30 million records), the printing service Chatbook (15 million), the South Korean fashion platform SocialShare (6 million), the food delivery service Home Chef (8 million), the online marketplace minted (5 million), the online newspaper Chronicle of Higher Education (3 million), the South Korean furniture magazine GGuMim (2 million), the health and fitness magazine mindful (2 million), the Indonesian online store Bhinneka (1.2 million) and the newspaper StarTribune (1 million).
The total value of the sale amounts to 18 thousand dollars, and each database is sold separately by the hacker collective: "The ShinyHunters group is believed to have ties to Gnosticplayer, a group of hackers active last year that sold over a billion user credentials on the dark web", writes ZDNet. The activities of the two groups are very similar in terms of the models used, and hence the assumptions about the possible link arise.