Hacker group ShinyHunters has claimed to have stolen over 73 million user records that it is selling on the dark web, according to a report from ZDNet.
The hackers said they breached 10 companies and are now selling their respective user databases on a dark web marketplace.
The largest number of stolen records is from online dating app Zoosk, for which the group claimed it was selling 30 million records.
Other databases on sale include those of printing service Chatbooks and US newspaper StarTribune.
ZDNet listed the databases which were supposedly on sale:
- Online dating app Zoosk – 30 million user records
- Printing service Chatbooks – 15 million user records
- South Korean fashion platform SocialShare – 6 million user records
- Food delivery service Home Chef – 8 million user records
- Online marketplace Minted – 5 million user records
- Online newspaper Chronicle of Higher Education – 3 million user records
- South Korean furniture magazine GGuMim – 2 million user records
- Health magazine Mindful – 2 million user records
- Indonesian online store Bhinneka – 1.2 million user records
- US newspaper StarTribune – 1 million user records
The hackers are reportedly selling each database separately, with a total price of around $18,000 for all the user records.
ZDNet said that it could not verify the authenticity of the databases, but threat intelligence community sources Cyble, Nightlion Security, Under the Breach, and ZeroFOX regard the group as a legitimate threat actor.
ShinyHunters was also responsible for a breach of Indonesia’s largest online store – Tokopedia – which occurred two weeks ago.
It first leaked 15 million user records which included details such as full names, emails, phone numbers, hashed passwords, birth date, and information related to their Tokopedia profile.
Later, the company’s entire database of 91 million users was put up for sale for $5,000.
The world’s largest domain registrar last week disclosed a data breach which exposed the credentials of 28,000 web hosting accounts.
The company hosts millions of websites, managing 77 million domains from more than 19 million customers.
A GoDaddy representative said on 17 April the company discovered and initiated an investigation into suspicious activity which started in October 2019.
GoDaddy later identified the affected customers and began remediation, immediately resetting the affected usernames and passwords.
These accounts were only used by customers for accessing remotely hosted servers and not primary GoDaddy accounts, the company stated.
GoDaddy claimed there was no indication the threat actor had used its customers’ credentials or modified any customer hosting accounts.