Hacker group “ShinyHunters” is selling about 73.2 million user records stolen from 10 companies on the Dark Web for about $18,000, reports ZDNet.Â
Majority of the stolen user records have come from online dating app Zoosk (30 million), while the remaining have come from other sites, such as printing service Chatbooks (15 million), food delivery service Home Chef (8 million), South Korean fashion platform SocialShare (6 million), online marketplace Minted (5 million), online newspaper Chronicle of Higher Education (3 million), South Korean furniture magazine GGuMim (2 million), health magazine Mindful (2 million), Indonesia online store Bhinneka (1.2 million), and U.S. newspaper StarTribune (1 million). Â
The above-listed databases that total up to 73.2 million user records are being sold by the hacker for around $18,000, with each database being sold separately.Â
ShinyHunters is the same group who claims to have stolen 500GB from Microsoft’s private GitHub repositories, broke into Tokopedia’s database, Indonesia’s largest online store earlier in May and put it on sale for $5,000, as well as sold a database of 22 million user records stolen from the online learning platform, Unacademy on the Dark Web.
ZDNet has verified the authenticity of the samples of the breach the hacker group shared with them and found them to be legitimate user records. However, the legitimacy of some databases couldn’t be verified.Â
Researchers in the threat intel community such as Cyble, Nightlion Security, Under the Breach, and ZeroFOX also believe that ShinyHunters is an authentic hacker group.Â
“Some believe the ShinyHunters group has ties to Gnosticplayers, a hacker group that was active last year that sold more than one billion user credentials on dark web marketplaces, as it operates on a nearly identical pattern,” reports ZDNet.
Of the listed 10 companies, only Chatbooks has officially acknowledged the security breach on its website.Â
