A hacking group known as ShinyHunters has put up a huge cache of stolen user details online.
According to reports, the hackers were able to steal the data of over 73 million users from various websites, which is now up for sale for approximately $18,000 on the underground marketplaces.
Among the sites that have fallen victim to the attack are the likes of Zoosk, Chatbooks, Star Tribune newspaper, Chronicle of Higher Education and various South Korean fashion and furniture websites.
- Ghost blogging platform servers hacked
- This major Chinese VPN provider has been hacked
- Over 120 million Decathlon accounts hacked
The group has already been able to hack into the systems of Tokopedia, an Indonesian e-commerce store after leaking datasets containing information about 15 million users for free, before the entire database of over 91 million users was later put for sale for $5000.
The group was also behind the recent attack on the Indian online learning platform Unacademy, stealing a database of over 22 million users that was listed online for $2000.
While ZDNet was able to verify the identity of some of the users from part of the sample records leaked by the hackers, printing service Chatbooks has officially announced that it has also fallen victim to a breach and has advised its users to update their login credentials for the service.
Here is a list of organizations that have fallen victim to this group:
- Online dating app Zoosk - 30 million user records
- Printing service Chatbooks -15 million user records
- South Korean fashion platform SocialShare - 6 million user records
- Food delivery service Home Chef - 8 million user records
- Online marketplace Minted - 5 million user records
- Online newspaper Chronicle of Higher Education - 3 million user records
- South Korean furniture magazine GGuMim - 2 million user records
- Health magazine Mindful - 2 million user records
- Indonesia online store Bhinneka - 1.2 million user records
- US newspaper StarTribune - 1 million user records
Experts suggest that ShinyHunters may be associated with another hacker group called Gnosticplayers which is accused of selling the database of over a billion users on the dark web.