The known threat actor ShinyHunters has begun leaking for free the databases of multiple companies on a hacker forum.
In the past months, ShinyHunters made the headlines for selling data of many other organizations, below the complete list published by BleepingComputer:
|The Chronicle Of Higher Education||3 million||$1,500|
The group was also involved in the leak of the Promo.com data and the breach of Microsoft private GitHub repository.
The threat actors released nine new databases belonging to several companies, including Havenly, Indaba Music, Ivoy, Proctoru, Rewards1, Scentbird, and Vakinha. The remaining nine databases were already released by ShinyHunters in the past.
BleepingComputer verified the authenticity of some of the exposed data and published the full list of the 18 archives leaked by the threat actor:
|Company||User Records||Reported Breach Date||Known?|
|Chatbooks.com||15.8 Million||March 26th, 2020||Yes|
|Dave.com||7 Million||July 2020 *||Yes|
|Drizly.com||2.4 Million||July 2020 *||No|
|GGumim.co.kr||2.3 Million||March 2020 *||Yes|
|Havenly.com||1.3 Million||June 2020 *||No|
|Mathway.com||25.8 Million||January 2020 *||Yes|
|Promo.com||22 Million||July 2020||Yes|
|Rewards1.com||3 Million||July 2020 *||No|
|Wattpad||270 Million||June 2020 *||Yes|
|* Based on threat actor’s statements|
From the samples seen of these databases, BleepingComputer has confirmed that the exposed email addresses correspond to accounts on the services.
The huge trove of data contains over 386 million user records, but only some of them included the user’s password.
Users of the above companies are recommended to change their passwords as soon as possible, they have to change the passwords where they used the same login credentials.
(SecurityAffairs – hacking, ShinyHunters)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.