Recently, a hacker group has been gaining notoriety for selling millions of user records on the dark web. These records belong to 11 different companies operating in different domains. The group, known as “ShinyHunters”, came into prominence after 91 million user records from Indonesia’s largest e-commerce platform, Tokopedia, which it had breached, were found on sale in a dark web marketplace earlier this month. The threat actors had put this data up for sale for $5000.
After the Tokopedia breach, the same group claimed that it stole 500GB of data from Microsoft’s private repository on the open-source developer platform GitHub. The group shared a screenshot of the stolen files with a news agency named HackRead to prove that it had infiltrated Microsoft’s account. These files include Rust for the Windows runtime and the Wssd cloud agent.
Initially the group planned to put this data on sale as it had with Tokopedia’s, but this time it posted just 1 GB of data on a well-known hacker forum, where members later claimed that the data was fake. Several news agencies went through rounds of conversation with official Microsoft sources to confirm the authenticity of the breach. Later, the hacked data was confirmed to be partially authentic: only a few of the 1200 repositories accessed belong to Microsoft, and all the rest proved to be from other sources. The attackers simply made it appear that a substantial number of repositories had been compromised. Microsoft also confirmed that the legitimate repositories are not even remotely sensitive, so the company faces no big impact.
After hacking the two companies above, ShinyHunters recently broke into 10 more. The intrusions took place a few weeks back but came to light only after security companies found these companies’ data listed on a popular dark web marketplace named “Dream Market”. The hackers are selling the entire data set for $18000. The hacked companies include the popular photo book printing company Chatbooks, the online dating app Zoosk, SocialShare, a South Korean fashion platform, and so on. Below is the list of companies with the number of records compromised and their selling price on the dark web:
| Company | Records compromised | Selling price |
|---|---|---|
| Home Chef | 8 million | $2500 |
| Chronicle of Higher Education | 3 million | $1500 |
| Star Tribune | 1 million | $1100 |
The leaked data includes users’ email addresses, dates of birth, names, hashed passwords and social media IDs. It has been reported that no financial details were compromised as of now.
Data breach pattern similar to GnosticPlayers
Last year, another hacker group was quite active and carried out huge data breaches at a number of companies, such as photography giant 500px, American apparel company Under Armour and gaming platform Mindjolt, to name just the bigger ones. That hacker group was GnosticPlayers.
GnosticPlayers hit companies in several rounds, each round exposing millions of user records from the companies’ secure databases. They carried out 5 rounds, stealing about 1 billion records. ShinyHunters is said to be working in a similar pattern: they also operated in several rounds and also sold the data on the dark web’s public marketplace, Dream Market.
We call this marketplace “public” because, despite being hosted on the dark web, Dream Market is a very public space, littered with law enforcement, journalists, and employees of many cyber-security firms.
How this data is sold
ShinyHunters and GnosticPlayers are small underground hacker groups that work as data hoarders and sell the stolen data to vetted partners.
Actually, once a hacker gets access to your data, they can deal with it in different ways. One of the most common procedures would be to scan the data to identify the most important and valuable information such as login details, financial information, private photos, or messages and e-mails. Then they decide whether they are going to use this information for themselves or they are going to sell it to third parties.
This data is filtered and organized into various categories. Stolen email addresses are sold to spam botnets. Financial details are sold to groups specialized in online fraud or tax scams. Usernames and cracked passwords are sold to botnet operators specialized in credential stuffing attacks.
Moreover, the price of stolen data is set based on its potential for profit. For example, financial information is more expensive than a person’s basic personal information. If the stolen data comes from government or military personnel, the price can grow to staggering heights.
Consequences faced by companies
Whenever a company’s data is hacked, the company faces several problems:
- First of all, they are hit with the costs of the attack itself, such as the losses resulting from stolen or exposed confidential data.
- Second, they face a public backlash. They suffer a wave of media embarrassment at the least. Along with the headlines may come a loss of customers’ confidence, especially if customer data such as credit card numbers was stolen. Legal consequences are yet another possibility for hacked companies.
- Finally, hacked organizations need to upgrade their cyber security systems and procedures, and do it urgently. Like having to call the plumber on Saturday night, emergency assistance does not come cheap.
Consequences faced by end-users
It is important to know what consequences you can face as a victim of a personal data breach. If your personally identifiable information, such as your name, date of birth, address or phone numbers, is leaked, hackers can duplicate your identity and carry out fraud under your name.
If it is financial information, the losses are predictably huge. Threat actors can perform fraudulent online transactions and transfer substantial amounts of money out of your bank before you even get to know about it. More notorious cyber criminals may even create counterfeit credit cards for their own use.
If it is your digital credentials, like email usernames and passwords or the credentials for some online shopping platform, the hackers can use them to break into your account and get access to all the information stored in your emails, be it private, financial, business deals or so. This data has the potential to cause even greater damage, as most people use the same credentials for multiple accounts. So if your email credentials are hacked, most probably your social media accounts and other third-party app accounts are also hacked.
They can analyse your social media profiles, figure out your emotional status and then may contact you through various means to blackmail you or manipulate your emotions.
If your location data is hacked and sold, then you might be in big trouble. Your location data is available in so much detail that someone could use it to plan a crime against you.
How end-users can protect themselves from such data hacks
When end-users’ data is stolen from a company’s data bank rather than by directly tricking the end-user, fewer preventive measures are available, but they still need to be implemented:
- Always make sure to use strong passwords for your online accounts. Use a mix of lowercase and uppercase letters, numbers and special characters.
- Do not use your personal details like name, phone number or date of birth in your passwords. They are super easy to crack.
- Always use different passwords for different online accounts so that if one account is hacked, the same credentials cannot be used to break into other accounts.
- We are highly influenced by social media and we expose so many personal details there. Your connections might not need these details, but hackers would definitely make full use of them. So, try to limit the exposure of your personal details on social media.
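The first three checks in the list above can be run over your own set of passwords. The following is an added example, not part of the original article: the function names, the 12-character minimum length and the sample profile and passwords are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import date

def personal_tokens(name, phone, dob):
    """Lower-cased fragments of personal details that should not appear in a password."""
    tokens = {part.lower() for part in name.split() if len(part) >= 3}
    digits = re.sub(r"\D", "", phone)
    if len(digits) >= 4:
        tokens.update({digits, digits[-4:]})
    # Common ways a date of birth gets typed into a password.
    tokens.update({str(dob.year), dob.strftime("%d%m"), dob.strftime("%m%d"),
                   dob.strftime("%d%m%y"), dob.strftime("%d%m%Y")})
    return tokens

def audit(accounts, name, phone, dob, min_len=12):
    """Return {account: [findings]}; min_len is an assumed threshold, not from the article."""
    tokens = personal_tokens(name, phone, dob)
    by_password = defaultdict(list)
    for account, pw in accounts.items():
        by_password[pw].append(account)
    # Lowercase, uppercase, digit, special character.
    classes = [r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"]
    report = {}
    for account, pw in accounts.items():
        findings = []
        if len(pw) < min_len or not all(re.search(c, pw) for c in classes):
            findings.append("weak")
        if any(t in pw.lower() for t in tokens):
            findings.append("personal-detail")
        if len(by_password[pw]) > 1:
            findings.append("reused")
        report[account] = findings
    return report

# Constructed sample data, not taken from any breach.
SAMPLE = {
    "mail": "Asha1990!",
    "shop": "Asha1990!",
    "bank": "t7#Vq9!mZr2$Lp",
    "forum": "correcthorse",
}

if __name__ == "__main__":
    result = audit(SAMPLE, "Asha Rao", "555-0142", date(1990, 4, 17))
    for account, findings in result.items():
        print(account, findings or "ok")
```

The "reused" finding is the one that matters most after a breach like those above: a password leaked from one site only opens other accounts if it was shared with them.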
Your comments are welcome if you have anything to add to the above or if you have more preventive measures for end-users.