< Back to Searchlight Blog

Hacker sells millions of recently breached accounts on the darknet.

Published on 13 May 2020 by Charlie

Unacademy, a service that claims to be “India’s largest learning platform” has reportedly had a data breach, with 28 million user accounts for sale on a darknet market.

The four year old service received over $100 million in funding in February from multiple large investors including Facebook. The user data, that is up for sale, reportedly comprised of multiple data points including usernames, email addresses, full names and hashed passwords of users. A proportion of the users are reportedly from large institutions such as Facebook and Google, using company emails to register with the service. This, when added to the fact that the databases most recent entry was late January, suggesting the breach is recent, could pose a potential threat to these institutions from attackers attempting credential stuffing on these users.
The attacker, who first listed 20 million of the accounts for sale before increasing it to 28 million and upping the price from $2,000 USD to $3,500, has reportedly had one sale of the data, however the listing now redirects users to the markets front page.

The attacker known as “ShinyHunters” is also selling the data of multiple other recent breaches, including from Tokopedia (an Indonesian ecommerce site), which was also breached in early May and appears to be the first vendor to list the database.

The vendor has a relatively new account being created in early January, however all six reviews for their data breach listings, if real, are positive, suggesting some legitimacy behind the data. The same moniker was also found on dread accusing a user that requested a refund of attempting to resell the data, further suggesting its legitimacy.

The other breaches the seller is offereing includes breaches of Styleshare, Zoosk, Mindful, Minted, Homechef, Bhinneka and Chatbooks, with Chatbooks only just confirming the breach, nearly two weeks later. Since the beginning of May, Shinyhunter has sold around $18,000 USD in database leaks, leaving users to wonder which institution will be listed by the vendor next.

Try our Darknet Intelligence/Forensics tool for free, contact enquiries@slcyber.io

Latest News from Searchlight

03 Jun 2020

Hacked Daniel's hosting database released.

Daniel's hosting, a widely used provider of free darknet hosting, found itself a target of an attack earlier this year, causing its closure shortly after, with its database just now being publicly released.


26 May 2020

Update on the effects of COVID-19 on the Darknet

With the world in the grip of the COVID-19 Pandemic, many ways of life have and continue to change as countries adapt to what media are calling the “new normal”.


20 May 2020

Europa market allegedly seized

The darknet market Europa, which offered a place of haven for users looking to buy drugs and weapons, including firearms, has become inaccessible. It is unclear as to whether the market was seized by authorities or if the seizure notice is just a ploy by the site admins in an attempt to avoid blame from its customers during an exit scam.


19 May 2020

9 Million EasyJet customers details accessed in cyber attack.

Budget airliner EasyJet has released a statement notifying its customers that the email addresses and travel details of around 9 million user accounts were compromised in what it calls a “highly sophisticated attack", back in as early as January of this year.