A community of hackers have started advertising on the dark web data allegedly stolen as a result of several recent infringements, including those affecting Tokopedia, Styleshare, Minted, ChatBooks, and others.
Known as “Shiny Hunters,” the group recently claimed responsibility for hacking Tokopedia, the largest online store in Indonesia, and claimed to have breached Microsoft’s GitHub account last week.
The same hackers have started selling multiple other databases containing what appears to be stolen user account data, according to cyber intelligence firm Cyble. The group offers samples of data to prove that their claims are legitimate.
The hackers seem to have infiltrated the online marketplace of independent artists and designers Minted, with 5 million user accounts now being sold for $2,500.
A database is also being sold at $2,700, which is expected to include 6 million user accounts from South Korea’s real-time smartphone and web network Styleshare.
In addition, the threat actor sells $3,500 for 15 million Chatbooks users, and $1,200 for 1,2 million for Bhinneka users, the security firm reveals.
The same threat actor is also selling a database allegedly stolen from Indian online learning site Unacademy that includes user information. We sell twenty million user accounts, for $2,000.
Many companies also seem to have been hacked, with Shiny Hunters also selling allegedly stolen accounts from HomeChef, Ggumim, Mindful, StarTribune, The Chronicle Of Higher Education, and Zoosk, BleepingComputer records for sale.
The hackers are currently selling data that were allegedly stolen from 11 businesses. In the past week, the organization has been adding new violations to the list at a rapid pace, and could continue doing so.
Although some of the affected organizations have publicly announced that they are being breached, not all of the incidents have yet been confirmed.