A hacker group going by the name of ShinyHunters claims to have breached ten companies and is currently selling their respective user databases on a dark web marketplace for illegal products.
The hackers are the same group who breached last week Tokopedia, Indonesia's largest online store. Hackers initially leaked 15 million user records online, for free, but later put the company's entire database of 91 million user records on sale for $5,000.
Encouraged and emboldened by the profits from the Tokopedia sale, the same group has, over the course of the current week, listed the databases of 10 more companies.
This includes user databases allegedly stolen from organizations such as:
- Online dating app Zoosk (30 million user records)
- Printing service Chatbooks (15 million user records)
- South Korean fashion platform SocialShare (6 million user records)
- Food delivery service Home Chef (8 million user records)
- Online marketplace Minted (5 million user records)
- Online newspaper Chronicle of Higher Education (3 million user records)
- South Korean furniture magazine GGuMim (2 million user records)
- Health magazine Mindful (2 million user records)
- Indonesia online store Bhinneka (1.2 million user records)
- US newspaper StarTribune (1 million user records)
The listed databases total for 73.2 million user records, which the hacker is selling for around $18,000, with each database sold separately.
The hacker group has shared samples from some of the stolen databases, which ZDNet has verified to include legitimate user records -- for the samples where user details were provided.
The authenticity of some of the listed databases cannot be verified at the moment; however, sources in the threat intel community such as Nightlion Security, Under the Breach, and ZeroFOX believe ShinyHunters is a legitimate threat actor.
Some believe the ShinyHunters group has ties to Gnosticplayers, a hacker group that was active last year, and who sold more than one billion user credentials on dark web marketplaces, as it operates on a nearly identical pattern.
ZDNet has also been gradually contacting victim organizations all week, as the hacker has been putting their databases online for sale.
At the time of writing, only Chatbooks has returned our email, with the company formally announcing a security breach on its website.
Updated on May 13 to add that StarTribune has asked users to reset their passwords.
Updated on May 15 to add that The Chronicle of Higher Education is now notifying readers of the security breach.
Updated on May 19 to add that Home Chef has notified customers of its security breach.