ShinyHunters leaked over 386 million user records from 18 companies

ShinyHunters, a trusted threat actor, is offering on a hacker forum the databases stolen from eighteen companies, over 386 million user records available online.

The known threat actor ShinyHunters has begun leaking for free the databases of multiple companies on a hacker forum.

A couple of days ago, the popular digital banking app Dave.com disclosed a security breach after ShinyHunters leaked 7,516,625 user records on a crime forum.

In the past months, ShinyHunters made the headlines for selling data of many other organizations, below the complete list published by BleepingComputer:

Company	User Records	Price
Tokopedia	91 million	$5,000
Homechef	8 million	$2,500
Bhinneka	1.2 million	$1,200
Minted	5 million	$2,500
Styleshare	6 million	$2,700
Ggumim	2 million	$1,300
Mindful	2 million	$1,300
StarTribune	1 million	$1,100
ChatBooks	15 million	$3,500
The Chronicle Of Higher Education	3 million	$1,500
Zoosk	30 million	$500

The group was also involved in the leak of the Promo.com data and the breach of Microsoft private GitHub repository.

The threat actors released nine new databases belonging to several companies, including Havenly, Indaba Music, Ivoy, Proctoru, Rewards1, Scentbird, and Vakinha. The remaining nine databases were already released by ShinyHunters in the past.

BleepingComputer verified the authenticity of some of the exposed data and published the full list of the 18 archives leaked by the threat actor:

Company	User Records	Reported Breach Date	Known?
Appen.com	5.8 Million	N/A	No
Chatbooks.com	15.8 Million	March 26th, 2020	Yes
Dave.com	7 Million	July 2020 *	Yes
Drizly.com	2.4 Million	July 2020 *	No
GGumim.co.kr	2.3 Million	March 2020 *	Yes
Havenly.com	1.3 Million	June 2020 *	No
Hurb.com	20 Million	N/A	Yes
Indabamusic.com	475 Thousand	N/A	No
Ivoy.mx	127 Thousand	N/A	No
Mathway.com	25.8 Million	January 2020 *	Yes
Proctoru.com	444 Thousand	N/A	No
Promo.com	22 Million	July 2020	Yes
Rewards1.com	3 Million	July 2020 *	No
Scentbird.com	5.8 Million	N/A	No
Swvl.com	4 Million	N/A	Yes
TrueFire.com	602 Thousand	N/A	Yes
Vakinha.com.br	4.8 Million	N/A	No
Wattpad	270 Million	June 2020 *	Yes
* Based on threat actor’s statements

From the samples seen of these databases, BleepingComputer has confirmed that the exposed email addresses correspond to accounts on the services.

The huge trove of data contains over 386 million user records, but only some of them included the user’s password.

Users of the above companies are recommended to change their passwords as soon as possible, they have to change the passwords where they used the same login credentials.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, ShinyHunters)

[adrotate banner=”5″]

[adrotate banner=”13″]