
386 million user records stolen in data breaches — and they're being given away for free


A notorious hacker or group of hackers is giving away copies of databases said to contain 386 million user records, after posting links to the databases on a marketplace used by cybercriminals.

The threat actor, who goes by the name ShinyHunters, claims to have data stolen from 18 different websites in the past seven months.

Free for all

According to BleepingComputer, ShinyHunters last week began uploading the databases to a forum where anyone can download them free of charge.

ShinyHunters is believed to have played a role in high-profile data breaches at HomeChef, Promo.com, Mathway, Chatbooks, Dave.com, Wattpad and even Microsoft's GitHub account. Many of these records were previously offered for sale online.

The free data is said to come from the following companies, some of which have confirmed data breaches in the past few months.

  • Appen.com - 5.8 million records
  • Chatbooks.com - 15.8 million records
  • Dave.com - 7 million records
  • Drizly.com - 2.4 million records
  • GGumim.co.kr - 2.4 million records
  • Havenly.com - 1.3 million records
  • Hurb.com - 20 million records
  • Indabamusic.com - 475,000 records
  • Ivoy.mx - 127,000 records
  • Mathway - 25.8 million records
  • Proctoru.com - 444,000 records
  • Promo.com - 22 million records
  • Rewards1.com - 3 million records
  • Scentbird.com - 5.8 million records
  • Swvl.com - 4 million records
  • Truefire.com - 602,000 records
  • Vakinha.com.br - 4.8 million records
  • Wattpad - 270 million records

The alleged data breaches at Appen.com, Drizly.com, Havenly.com, IndabaMusic.com, Ivoy.mx, Proctoru.com, Rewards1.com, Scentbird.com and Vakinha.com.br had not been reported before, noted BleepingComputer.

The real deal

Having viewed some of these databases, BleepingComputer's Lawrence Abrams believes that the data is indeed legitimate because “the exposed email addresses correspond to accounts on the services”.

ShinyHunters has likely made a large sum of money by selling this data online. The cheapest databases were offered for $500 (Zoosk), while the most valuable was listed at $100,000 (Wattpad).

ShinyHunters explained to BleepingComputer why he, she or they are giving away the data.

“I just thought: ‘I've made enough money now’ so I leaked for everyone's benefit. Obviously, some people are a little upset because they paid resellers a few days ago, but I don't care.”

Jake Moore, security specialist at ESET, told Tom’s Guide: “Even stolen data has a best-before date, so this isn’t a huge surprise for some of this data to be offered for free once it has been out in the public domain for some time.

“However, what is interesting is that half of those breaches have not before been disclosed, which makes it an interesting move by the hackers [who] possibly genuinely only wanted to make a certain amount from the stolen information.”

What to do if you were affected

For affected users, Moore recommends: “It goes without saying to make sure that if you have an account with any of the listed compromised services then make sure you change your password and where available, activate two-factor authentication as an extra layer of protection.”

Daniel Lewis, CEO and co-founder of cybersecurity firm Awen Collective, added: “We recommend that everybody, including those people using the Dave service, check whether their details have been compromised by plugging their email address into the HaveIBeenPwned website.” (It's safe to use.)

Tom's Guide would also suggest that everyone use one of the best password managers so that a breach involving one of your accounts doesn't end up involving all of your accounts.
