Published on 13 May 2020 by Charlie
The four year old service received over $100 million in funding in February from multiple large investors including Facebook.
The user data, that is up for sale, reportedly comprised of multiple data points including usernames, email addresses, full names and hashed passwords of users. A proportion of the users are reportedly from large institutions such as Facebook and Google, using company emails to register with the service. This, when added to the fact that the databases most recent entry was late January, suggesting the breach is recent, could pose a potential threat to these institutions from attackers attempting credential stuffing on these users.
The attacker, who first listed 20 million of the accounts for sale before increasing it to 28 million and upping the price from $2,000 USD to $3,500, has reportedly had one sale of the data, however the listing now redirects users to the markets front page.
The attacker known as “ShinyHunters” is also selling the data of multiple other recent breaches, including from Tokopedia (an Indonesian ecommerce site), which was also breached in early May and appears to be the first vendor to list the database.
The vendor has a relatively new account being created in early January, however all six reviews for their data breach listings, if real, are positive, suggesting some legitimacy behind the data. The same moniker was also found on dread accusing a user that requested a refund of attempting to resell the data, further suggesting its legitimacy.
The other breaches the seller is offereing includes breaches of Styleshare, Zoosk, Mindful, Minted, Homechef, Bhinneka and Chatbooks, with Chatbooks only just confirming the breach, nearly two weeks later. Since the beginning of May, Shinyhunter has sold around $18,000 USD in database leaks, leaving users to wonder which institution will be listed by the vendor next.
Try our Darknet Intelligence/Forensics tool for free, contact firstname.lastname@example.org
20 May 2020
The darknet market Europa, which offered a place of haven for users looking to buy drugs and weapons, including firearms, has become inaccessible. It is unclear as to whether the market was seized by authorities or if the seizure notice is just a ploy by the site admins in an attempt to avoid blame from its customers during an exit scam.
19 May 2020
Budget airliner EasyJet has released a statement notifying its customers that the email addresses and travel details of around 9 million user accounts were compromised in what it calls a “highly sophisticated attack", back in as early as January of this year.