< Back to Searchlight Blog

Hacker sells millions of recently breached accounts on the darknet.

Published on 13 May 2020 by Charlie

Unacademy, a service that claims to be “India’s largest learning platform” has reportedly had a data breach, with 28 million user accounts for sale on a darknet market.

The four year old service received over $100 million in funding in February from multiple large investors including Facebook. The user data, that is up for sale, reportedly comprised of multiple data points including usernames, email addresses, full names and hashed passwords of users. A proportion of the users are reportedly from large institutions such as Facebook and Google, using company emails to register with the service. This, when added to the fact that the databases most recent entry was late January, suggesting the breach is recent, could pose a potential threat to these institutions from attackers attempting credential stuffing on these users.
The attacker, who first listed 20 million of the accounts for sale before increasing it to 28 million and upping the price from $2,000 USD to $3,500, has reportedly had one sale of the data, however the listing now redirects users to the markets front page.

The attacker known as “ShinyHunters” is also selling the data of multiple other recent breaches, including from Tokopedia (an Indonesian ecommerce site), which was also breached in early May and appears to be the first vendor to list the database.

The vendor has a relatively new account being created in early January, however all six reviews for their data breach listings, if real, are positive, suggesting some legitimacy behind the data. The same moniker was also found on dread accusing a user that requested a refund of attempting to resell the data, further suggesting its legitimacy.

The other breaches the seller is offereing includes breaches of Styleshare, Zoosk, Mindful, Minted, Homechef, Bhinneka and Chatbooks, with Chatbooks only just confirming the breach, nearly two weeks later. Since the beginning of May, Shinyhunter has sold around $18,000 USD in database leaks, leaving users to wonder which institution will be listed by the vendor next.

Try our Darknet Intelligence/Forensics tool for free, contact enquiries@slcyber.io


Latest News from Searchlight

20 May 2020

Europa market allegedly seized

The darknet market Europa, which offered a place of haven for users looking to buy drugs and weapons, including firearms, has become inaccessible. It is unclear as to whether the market was seized by authorities or if the seizure notice is just a ploy by the site admins in an attempt to avoid blame from its customers during an exit scam.

Read more...

19 May 2020

9 Million EasyJet customers details accessed in cyber attack.

Budget airliner EasyJet has released a statement notifying its customers that the email addresses and travel details of around 9 million user accounts were compromised in what it calls a “highly sophisticated attack", back in as early as January of this year.

Read more...

18 May 2020

Hackers claim to have "dirty laundry" on US President Donald Trump alongside many celebrities in law firm breach

One of the worlds largest entertainment lawyers who allegedly also worked for President Trump has been the victim of ransomware, with hackers threatening to sell off the acquired data to the highest bidder on the darknet.

Read more...

13 May 2020

Hacker sells millions of recently breached accounts on the darknet.

Unacademy, a service that claims to be “India’s largest learning platform” has reportedly had a data breach, with 28 million user accounts for sale on a darknet market.

Read more...