ShinyHunters

ShinyHunters is a criminal black-hat hacker group that is said to have been involved in numerous data breaches. The stolen information is often sold on the darknet.[1][2]

Name And Alias

The group's Twitter profile uses a shiny Pokémon as its profile picture, indicating that the ShinyHunters name is potentially derived from the game of the same name. Within the game, Shiny Pokémon exist and players spend hours hunting for them. This clue may lend credence to the threat group's motivation: hunting for shiny or rare artifacts, which appear to be user data.[3][4]

Notable Data Breaches

Tokopedia

On 2 May 2020, Tokopedia was breached by ShinyHunters. The breach affected 15 million user records and included users' gender, location, username, full name, email address, phone number and hashed passwords.[5]

Wishbone

In May 2020, ShinyHunters leaked the full user database of Wishbone, which is said to contain information such as usernames, emails, phone numbers, city/state/country, and hashed passwords.[6]

Microsoft

In May 2020, ShinyHunters claimed to have stolen over 500 GB of Microsoft source code from the company's private GitHub account. The group published around 1 GB of data from the hacked GitHub account to a hacking forum. Some cybersecurity experts doubted the claims until analyzing them; upon analysis, the veracity of ShinyHunters' claim to have breached Microsoft's GitHub account was no longer in question. Microsoft told WIRED magazine in a statement that it was aware of the breach. Microsoft later secured its GitHub account, which ShinyHunters confirmed by reporting that they were unable to access any repositories.[7][8][9]

Wattpad

In July 2020, ShinyHunters gained access to a Wattpad database containing 270 million user records, which is said to contain usernames, names, hashed passwords, email addresses, general geographic location, gender, and date of birth.[10][11][12]

Pluto TV

In November 2020, it was reported that ShinyHunters gained access to the data of 3.2 million Pluto TV users. The hacked data included users' display name, email address, bcrypt-hashed password, birthday, device platform, and IP address.[13][14]

Animal Jam

In November 2020, it was reported that ShinyHunters was behind the hack of Animal Jam, which led to the exposure of 46 million accounts.[15][16]

Mashable

In November 2020, ShinyHunters leaked 5.22 GB worth of the Mashable database on a prominent hacker forum.[17]

Pixlr

In January 2021 ShinyHunters leaked 1.9 million stolen user records from Pixlr.[18]

Nitro PDF

In January 2021, a hacker claiming to be a part of ShinyHunters leaked the full hacked database of Nitro PDF, which contains 77 million user records, on a hacker forum for no charge.[19]

Bonobos

In January 2021, it was reported that ShinyHunters leaked the full Bonobos backup cloud database to a hacker forum. The database is said to contain addresses and phone numbers for 7 million customers and orders, account information for 1.8 million registered customers, and 3.5 million partial credit card records and hashed passwords.[20]

Other Data Breaches credited to ShinyHunters

The following are other hacks that have been credited to, or are alleged to have been carried out by, ShinyHunters, with the estimated number of user records affected.[21][22][23]

  • JusPay - 100 million user records[24]
  • Zoosk - 30 million user records[25]
  • Chatbooks - 15 million user records[26]
  • SocialShare - 6 million user records[27]
  • Home Chef - 8 million user records[28]
  • Minted - 5 million user records[29]
  • Chronicle of Higher Education - 3 million user records[30]
  • GuMim - 2 million user records[31]
  • Mindful - 2 million user records[32]
  • Bhinneka - 1.2 million user records[33]
  • StarTribune - 1 million user records[34]
  • Dave.com - 7.5 million users[35]
  • Drizly.com - 2.4 million user records[36]
  • Havenly - 1.3 million user records[37]
  • Hurb.com - 20 million user records[38]
  • Indabamusic - 475,000 user records[39]
  • Ivoy.mx - 127,000 user records[40]
  • Mathway - 25.8 million user records[41]
  • Proctoru - 444,000 user records[42]
  • Promo - 22 million user records[43]
  • Rewards1 - 3 million user records[44]
  • Scentbird - 5.8 million user records[45]
  • Swvl - 4 million user records[46]
  • Glofox - Unknown[47]
  • Truefire - 602,000 user records[48]
  • Vakinha - 4.8 million user records[49]
  • Appen.com - 5.8 million user records[50]
  • Styleshare - 6 million user records[51]
  • Bhinneka - 1.2 million user records[52]
  • Unacademy - 22 million user records[53][54]
  • BuyuCoin - 325,000 user records[55]
  • Wishbone - 40 million user records[56]

Another hack

In August 2020, ShinyHunters hacked Hack Forums, leaving a defacement message that used a Pokémon image and music.[57]

Lawsuits

The ShinyHunters group is under investigation by the FBI, as well as Indonesian and Indian police, for the Tokopedia breach. Tokopedia's CEO and founder also confirmed this in a statement on Twitter.[58][59]

Minted has informed US federal law enforcement authorities, and the investigation is still in its early stages.[60]

An administrative document from a California district concerns a class action lawsuit involving Wishbone.[61]

Stacey from Animal Jam stated that the company is preparing a report for the FBI Cyber Task Force and notifying all affected emails. It has also created a 'Data Breach Alert' on its site to answer questions related to this breach.[62]

BigBasket filed a First Information Report (FIR) on November 6, 2020, with the cyber cell of the Bengaluru Police to investigate the incident.[63]

Dave also initiated an investigation, which is ongoing, and is coordinating with law enforcement, including the FBI.[64]

Wattpad also stated that it reported the incident to law enforcement and engaged third-party security experts to assist in the investigation.[65]

Theories

Some journalists and security researchers believe ShinyHunters might be linked to the previously known GnosticPlayers or his known associate "NSFW". However, ShinyHunters have directly denied it. In addition to questions around ties to other actors, researchers have also stated that they are unsure if ShinyHunters is a collective of multiple people, or one person working alone. [66][67]

ShinyHunters has listed some databases under the name @fs0c131y, with a link to the Twitter account of Elliot Alderson, a.k.a. the French security researcher Robert Baptiste. The group is believed to share some sort of link or grudge with the researcher.[68]

References

  1. "ShinyHunters Is a Hacking Group on a Data Breach Spree". Wired. ISSN 1059-1028. Retrieved 2021-01-25.
  2. Cimpanu, Catalin. "A hacker group is selling more than 73 million user records on the dark web". ZDNet. Retrieved 2021-01-25.
  3. https://twitter.com/sh_corp
  4. https://www.optiv.com/sites/default/files/2020-08/TL_2020-CTIE-Report_Whitepaper.pdf
  5. "ShinyHunters Is a Hacking Group on a Data Breach Spree". Wired. ISSN 1059-1028. Retrieved 2021-01-25.
  6. Cimpanu, Catalin. "Hacker leaks 40 million user records from popular Wishbone app". ZDNet. Retrieved 2021-01-25.
  7. http://techgenix.com/microsofts-github-account-breached
  8. https://www.scmagazine.com/home/security-news/cybercrime/shiny-hunters-bursts-onto-dark-web-scene-following-breaches-microsoft-data-theft-claims
  9. https://www.bleepingcomputer.com/news/security/microsofts-github-account-hacked-private-repositories-stolen
  10. Deschamps, Tara (2020-07-21). "Wattpad storytelling platform says hackers had access to user email addresses". CTVNews. Retrieved 2021-01-25.
  11. "Wattpad warns of data breach that stole user info | CBC News". CBC. Retrieved 2021-01-25.
  12. "Wattpad data breach exposes account info for millions of users". BleepingComputer. Retrieved 2021-01-25.
  13. "ShinyHunters hacked Pluto TV service, 3.2M accounts exposed". Security Affairs. 2020-11-15. Retrieved 2021-01-25.
  14. "3 Million Pluto TV Users' Data Was Hacked, But the Company Isn't Telling Them". www.vice.com. Retrieved 2021-01-25.
  15. "Animal Jam was hacked, and data stolen; here's what parents need to know". TechCrunch. Retrieved 2021-01-25.
  16. "Animal Jam kids' virtual world hit by data breach, impacts 46M accounts". BleepingComputer. Retrieved 2021-01-25.
  17. https://www.hackread.com/shinyhunters-hacker-leaks-mashable-database
  18. Tribune News Service. "Hacker leaks 1.9 million user records of photo editing app Pixlr". Tribuneindia News Service. Retrieved 2021-01-25.
  19. "Hacker leaks full database of 77 million Nitro PDF user records". BleepingComputer. Retrieved 2021-01-25.
  20. "Bonobos clothing store suffers a data breach, hacker leaks 70GB database". BleepingComputer. Retrieved 2021-01-25.
  21. Soni, Jitendra (11 May 2020). "ShinyHunters leak millions of user details". TechRadar. Retrieved 2021-01-25.
  22. Fearn, Nicholas (29 July 2020). "386 million user records stolen in data breaches — and they're being given away for free". Tom's Guide. Retrieved 2021-01-25.
  23. "'Shiny Hunters' Hacker Group Keep 73 Mn User Records on Darknet". CISO MAG | Cyber Security Magazine. 2020-05-11. Retrieved 2021-01-25.
  24. "Amazon, Swiggy's payment processor hit by data breach". The Times of India. Retrieved 2021-01-05.
  25. https://www.zdnet.com/article/a-hacker-group-is-selling-more-than-73-million-user-records-on-the-dark-web/
  26. https://www.zdnet.com/article/a-hacker-group-is-selling-more-than-73-million-user-records-on-the-dark-web/
  27. https://www.zdnet.com/article/a-hacker-group-is-selling-more-than-73-million-user-records-on-the-dark-web/
  28. https://www.zdnet.com/article/a-hacker-group-is-selling-more-than-73-million-user-records-on-the-dark-web/
  29. https://www.zdnet.com/article/a-hacker-group-is-selling-more-than-73-million-user-records-on-the-dark-web/
  30. https://www.zdnet.com/article/a-hacker-group-is-selling-more-than-73-million-user-records-on-the-dark-web/
  31. https://www.zdnet.com/article/a-hacker-group-is-selling-more-than-73-million-user-records-on-the-dark-web/
  32. https://www.zdnet.com/article/a-hacker-group-is-selling-more-than-73-million-user-records-on-the-dark-web/
  33. https://www.zdnet.com/article/a-hacker-group-is-selling-more-than-73-million-user-records-on-the-dark-web/
  34. https://www.zdnet.com/article/a-hacker-group-is-selling-more-than-73-million-user-records-on-the-dark-web/
  35. "ShinyHunters Offers Stolen Data on Dark Web". Dark Reading. Retrieved 2021-01-25.
  36. https://www.darkreading.com/attacks-breaches/shinyhunters-offers-stolen-data-on-dark-web/d/d-id/1338462
  37. https://www.darkreading.com/attacks-breaches/shinyhunters-offers-stolen-data-on-dark-web/d/d-id/1338462
  38. https://securityaffairs.co/wordpress/106504/data-breach/shinyhunters-data-leak.html
  39. https://securityaffairs.co/wordpress/106504/data-breach/shinyhunters-data-leak.html
  40. https://securityaffairs.co/wordpress/106504/data-breach/shinyhunters-data-leak.html
  41. https://securityaffairs.co/wordpress/106504/data-breach/shinyhunters-data-leak.html
  42. https://www.darkreading.com/attacks-breaches/shinyhunters-offers-stolen-data-on-dark-web/d/d-id/1338462
  43. https://portswigger.net/daily-swig/promo-com-data-breach-impacts-23-million-content-creators
  44. https://securityaffairs.co/wordpress/106504/data-breach/shinyhunters-data-leak.html
  45. https://www.darkreading.com/attacks-breaches/shinyhunters-offers-stolen-data-on-dark-web/d/d-id/1338462
  46. https://securityaffairs.co/wordpress/106504/data-breach/shinyhunters-data-leak.html
  47. Taylor, Charlie. "Irish start-up Glofox investigates possible data breach". The Irish Times. Retrieved 2021-01-25.
  48. https://www.darkreading.com/attacks-breaches/shinyhunters-offers-stolen-data-on-dark-web/d/d-id/1338462
  49. https://www.darkreading.com/attacks-breaches/shinyhunters-offers-stolen-data-on-dark-web/d/d-id/1338462
  50. https://www.darkreading.com/attacks-breaches/shinyhunters-offers-stolen-data-on-dark-web/d/d-id/1338462
  51. https://securityaffairs.co/wordpress/106504/data-breach/shinyhunters-data-leak.html
  52. https://securityaffairs.co/wordpress/106504/data-breach/shinyhunters-data-leak.html
  53. https://www.binarydefense.com/threat_watch/shiny-hunters-group-selling-data-stolen-from-11-different-companies/
  54. https://malwaretips.com/threads/shiny-hunters-hackers-try-to-sell-a-host-of-user-records-from-breaches.100777/
  55. "Indian Crypto Exchange Buyucoin Hacked, Sensitive Data of 325K Users Reportedly Leaked". Bitcoin. Retrieved 2021-01-25.
  56. https://www.bleepingcomputer.com/news/security/hacker-shares-40-million-wishbone-user-records-for-free
  57. https://web.archive.org/web/20200829145057/http://hackforums.net
  58. https://androidrookies.com/who-are-shiny-hunters
  59. https://twitter.com/UnderTheBreach/status/1260518239362338816
  60. https://www.hackread.com/minted-data-breach-shiny-hunters-sell-database
  61. https://www.classaction.org/news/wishbone-app-maker-mammoth-media-hit-with-class-action-over-data-breach-affecting-40-million-users
  62. https://www.bleepingcomputer.com/news/security/animal-jam-kids-virtual-world-hit-by-data-breach-impacts-46m-accounts
  63. https://cybleinc.com/2020/11/07/bigbasket-indias-leading-online-supermarket-shopping-allegedly-breached-personal-details-of-over-20-million-people-sold-in-darkweb
  64. https://dave.com/blog/post
  65. https://support.wattpad.com/hc/en-us/articles/360046141392
  66. https://www.wired.com/story/shinyhunters-hacking-group-data-breach-spree
  67. https://www.databreaches.net/shinyhunters-lists-more-than-160-million-user-records-from-11-companies-for-sale-on-dark-web
  68. https://androidrookies.com/who-are-shiny-hunters
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.