A hacker group called ShinyHunters declared that they have breached ten companies and are selling their user databases on a dark web marketplace for illegal products.
It was the same hacker group that breached Tokopedia, the largest online store of Indonesia last week.
After making huge profits from the previous hack, the hackers listed the databases of 10 more companies.
The user databases are stolen from organizations such as:
- Online dating app Zoosk (30 million user records)
- Printing service Chatbooks (15 million user records)
- South Korean fashion platform SocialShare (6 million user records)
- Food delivery service Home Chef (8 million user records)
- Online marketplace Minted (5 million user records)
- Online newspaper Chronicle of Higher Education (3 million user records)
- South Korean furniture magazine GGuMim (2 million user records)
- Health magazine Mindful (2 million user records)
- Indonesia online store Bhinneka (1.2 million user records)
- US newspaper StarTribune (1 million user records)
The total databases include more than 73.2 million user records and the hacker is currently selling each database separately for around $18,000.
They also shared samples from some of the stolen databases. Even though the authenticity of some of the listed databases were not verified, sources in the threat intel community such as Cyble, Nightlion Security, Under the Breach, and ZeroFOX believe ShinyHunters is a legitimate threat actor.
Some security researchers assume that the ShinyHunters group has connection with Gnosticplayers, another famous hacker group who sold more than one billion user credentials on dark web marketplaces last year.s