A notorious hacker or group of hackers is giving away copies of databases said to contain 386 million user records, after posting links to the databases on a marketplace used by cybercriminals.
The threat actor, who goes by the name ShinyHunters, claims to have data stolen from 18 different websites in the past seven months.
- The best antivirus software to keep you and your devices safe
- VPN: add an extra layer of security with a virtual private network
- Just In: OnePlus Nord already has a big display problem
Free for all
According to BleepingComputer (opens in new tab), ShinyHungers last week began uploading the databases to a forum where anyone can download them free of charge.
ShinyHunters is believed to have played a role in high-profile data breaches at HomeChef, Promo.com, Mathway, Chatbooks, Dave.com, Wattpad and even Microsoft's GitHub account. Many of these records were previously offered for sale online.
The free data is said to come from the following companies, some of which have confirmed data breaches in the past few months.
- Appen.com - 5.8 million records
- Chatbooks.com - 15.8 million records
- Dave.com - 7 million records
- Drizly.com - 2.4 million records
- GGumim.co.kr - 2.4 million records
- Havenly.com - 1.3 million records
- Hurb.com - 20 million records
- Indabamusic.com - 475,000 records
- Ivoy.mx - 127,000 records
- Mathway - 25.8 million records
- Proctoru.com - 444,000 records
- Promo.com - 22 million records
- Rewards1.com - 3 million records
- Scentbird.com - 5.8 million records
- Swvl.com - 4 million records
- Truefire.com.com - 602,000 records
- Vakinha.com.br - 4.8 million records
- Wattpad - 270 million records
The alleged data breaches at Appen.com, Drizly.com, Havenly.com, IndabaMusic.com, Ivoy.mx, Proctoru.com, Rewards1.com, Scentbird.com and Vakinha.com.br had not been reported before, noted BleepingComputer.
The real deal
After he viewed some of these databases, BleepingComputer's Lawrence Abrams believes that the data is indeed legitimate because “the exposed email addresses correspond to accounts on the services”.
ShinyHunters has likely made a large sum of money by selling this data online. The cheapest databases were offered for $500 (Zoosk), while the most valuable was listed at $100,000 (WattPad).
ShinyHunters explained to BleepingComputer why he, she or they are giving away the data.
"I just thought: 'I've made enough money now' so I leaked for everyone's benefit. Obviously, some people are a little upset because they paid resellers a few days ago, but I don't care.”
Jake Moore, security specialist at ESET, told Tom’s Guide: “Even stolen data has a best-before date, so this isn’t a huge surprise for some of this data to be offered for free once it has been out in the public domain for some time.
“However, what is interesting is that half of those breaches have not before since been disclosed, which makes it an interesting move by the hackers [who] possibly genuinely only wanted to make a certain amount from the stolen information.”
What to do if you were affected
For affected users, Moore recommends: “It goes without saying to make sure that if you have an account with any of the listed compromised services then make sure you change your password and where available, activate two-factor authentication as an extra layer of protection.”
Daniel Lewis, CEO and co-founder of cybersecurity firm Awen Collective, added: “We recommend that everybody, including those people using the Dave service, to check whether their details have been compromised by plugging their email address into the HaveIBeenPwned (opens in new tab) website.” (It's safe to use.)
Tom's Guide would also suggest that everyone use one of the best password managers so that a breach involving one of your accounts doesn't end up involving all of your accounts.
- More: Stay anonymous without the spend with a cheap VPN