Hacker group ‘ShinyHunters’ sells more than 73 MILLION user records on the dark web

More than 73 million user records have been stolen from a number of online services and are being sold on the dark web for a total of $18,000.

The hacker group, named ‘ShinyHunters’, scraped data from at least 10 companies including Zoosk, Chatbooks and the StarTribune.

The online dating app, Zoosk, had the largest breach, as the cybercriminals grabbed 30 million user record and Chatbooks came in second with 15 million, according to ZDNet.

Chatbooks is the only firm to acknowledge the attack, which said login credentials including names, email address and passwords were taken in the haul, along with some phone numbers and FacebookIDs.

More than 73 million user records have been stolen from a number of online services and are being sold on the dark web for a total of $18,000. The hacker group, named ‘ShinyHunters’, scraped data from at least 10 companies including Zoosk, Chatbooks and the StarTribune

ShinyHunters allegedly shared samples from its haul of stolen databases with ZDNet, which verified the authenticity of some of the data.

The hackers infiltrated Zoosk, Chatbooks, Home Chef, Minted and the news site Star Tribune. 

The group also scraped databases of SocialShare, Chronical of Higher Education, GGuMim, Mindful and the Indonesia online store Bhinneka.

DailyMail.com has reached out to Zoosk, Chatbooks and the other services for comment and has yet to receive a response. 

The online dating app, Zoosk, had the largest breach, as the cybercriminals grabbed 30 million user record and Chatbooks came in second with 15 million, according to ZDNet . Chatbooks is the only firm to acknowledge the attack

The online dating app, Zoosk, had the largest breach, as the cybercriminals grabbed 30 million user record and Chatbooks came in second with 15 million, according to ZDNet . Chatbooks is the only firm to acknowledge the attack

The listed databases total for 73.2 million user records, which are being sold for around $18,000 for the haul, with each database sold separately. Only the printing service Chatbooks has shared details of the breach with the public

The listed databases total for 73.2 million user records, which are being sold for around $18,000 for the haul, with each database sold separately. Only the printing service Chatbooks has shared details of the breach with the public

The listed databases total for 73.2 million user records, which are being sold for around $18,000 for the haul, with each database sold separately.

Only the printing service Chatbooks has shared details of the breach with the public.

WHAT COMPANIES WERE BREACHED? 

  •  Online dating app Zoosk :30 million 
  • Printing service Chatbooks: 15 million 
  • South Korean fashion platform SocialShare: 6 million
  • Food delivery service Home Chef: 8 million 
  • Online marketplace Minted: 5 million
  • Online newspaper Chronicle of Higher Education: 3 million
  • South Korean furniture magazine GGuMim: 2 million 
  • Health magazine Mindful: 2 million 
  • Indonesia online store Bhinneka: 1.2 million
  •  US newspaper StarTribune: 1 million

CEO Nate Quigley wrote a statement regarding the incident: ‘We found that the breach occurred on March 26, 2020, and that the stolen information appears to consist primarily of Chatbooks login credentials, including names, email addresses, and individually salted and hashed passwords.’

The firm said that no payment or credit card information was compromised, but is urging users to change their password immediately.

The new comes a week after ShinyHackers had breached the largest Indonesian online store Tokopedia.

This event stole 91 million user records, which were for sale on the dark web for a total of $5,000.

The attack was conducted through the use of phishing emails to employees, which gave the digital thieves access to different systems within the company.

The group is also responsible for accessing Microsoft’s GitHub account and stealing 500 GB of data from the tech giant’s own private repositories on the developer platform, according to published reports.

However, the leaked samples of the haul suggest none of the data was confidential and should not create a problem for Microsoft – the haul included code samples, test projects, eBooks, and similar items.

ZDNet noted that some security experts believe this malicious group has ties to Gnosticplayers, a hacker group that was active last year, and sold more than one billion user credentials on dark web marketplaces, as it operates on a nearly identical pattern.

Read more at DailyMail.co.uk