Hackers sell stolen over 73 million stolen user records on the dark web

Many businesses have been affected by this coronavirus pandemic. With many people staying at home and cities on lockdown, there is little to no income coming in these businesses.

In this time of isolation, the very least thing that these businesses want is for their company information to be stolen. Worse – sold on the dark web for a profit.

Unfortunately, that is what is currently happening right now.

A group of hackers has managed to get their hands on over 73 million user records and has sold these records on the dark web.

Read: Hackers get into Google Assistant and Siri using ultrasonic waves

Hackers steal over 73 million records then sells them on the dark web

The web is littered with hackers from left to right. That’s why companies do their best to get their online records protected – even invest in good security software.

But, there are times where these hackers find their way inside businesses’ databases.

Now, ZDNet has learned that a hacker group called ShinyHunters claims to have breached ten companies and is selling stolen respective user databases on the dark web marketplace for illegal products.

Hackers steal over 73 million records then sells them on the dark web
Hackers steal over 73 million records then sells them on the dark web

Also, this group is the same group that breached Indonesia’s largest online store, Tokopedia. Initially, hackers leaked 15 million user records online – for free.

But later the hackers put the company’s entire database of 91 million user records on sale for $5,000.

And now, encouraged by Tokopedia’s sale, the same group has listed databases from 10 companies. This is just over a span of one week. Crazy, right?

Below are databases were allegedly stolen from different companies and organizations:

  • Online dating app Zoosk (30 million user records)
  • Printing service Chatbooks (15 million user records)
  • South Korean fashion platform SocialShare (6 million user records)
  • Food delivery service Home Chef (8 million user records)
  • Online marketplace Minted (5 million user records)
  • Online newspaper Chronicle of Higher Education (3 million user records)
  • South Korean furniture magazine GGuMim (2 million user records)
  • Health magazine Mindful (2 million user records)
  • Indonesia online store Bhinneka (1.2 million user records)
  • US newspaper StarTribune (1 million user records)

Also read: 15 Best Malware Removers for Android: A Definitive Guide

Stolen user records for a profit…

Unfortunately, hackers stealing company users online or whatever breaching activities they do is almost an everyday occurrence. Hackers profit from it that is why they keep doing it.

From the databases from different companies, hackers have accumulated over 73.2 million user records… that’s a lot. These records are currently selling for $18,000, with each database sold separately.

ShinyHunters has shared samples from some of the stolen databases. This, ZDNet has able to verify to include legitimate user records – for the samples where user details were provided.

Samples of stolen databases (Photo credits: ZDNet)
Samples of stolen databases (Photo credits: ZDNet)

Some of the listed databases’ authenticity can’t be verified at the moment. However, sources from the threat intel community like CybleNightlion SecurityUnder the Breach, and ZeroFOX all believe that ShinyHunters is a legitimate threat.

Meanwhile, other security firms believe that ShinyHunters has ties with Gnosticplayers – a hacker group that was active last year that sold more than one billion user credentials on the dark web marketplaces.

And here’s a piece of evidence: both operate in an identical pattern.

Now that threat is on the rise, what companies can do is to strengthen their database securities through the different tools such an antivirus software.

Leave a Reply

Your email address will not be published.