Hackers selling 73 million user records from 10 firms

Aden - Yasmine El Tohamy - Some believe the ShinyHunters group has ties to Gnosticplayers, a hacker group that was active last year that sold more than one billion user credentials on dark web marketplaces.

A hacker group is selling data of 10 companies including online dating app Zoosk, US newspaper Star Tribune and food delivery service Chef that contains over 73 million user records over the Dark Web for $18,000 (nearly Rs13.6 lakh).

Other companies are printing service Chatbooks, South Korean fashion platform SocialShare, online marketplace Minted, online newspaper Chronicle of Higher Education, South Korean furniture magazine GGuMim, health magazine Mindful and Indonesia online store Bhinneka, reports ZDNet.

The listed databases have 73.2 million user records, with each database sold separately.

The hacker group is known as ShinyHunters, the same group behind breaching private repositories on Microsoft-owned GitHub (the hacker is believed to have acquired around 1,200 private repositories) and Tokopedia, Indonesia's largest online store where a database of over 90 million user records was sold.

A Microsoft spokesperson was quoted as saying that the company is investigating the incident. The same hacker group was also behind selling a database of 22 million user records form online learning platform Unacademy on the Dark Web.

Bengaluru-based edtech firm Unacademy said the all the sensitive data of its users was safe and the company was addressing the security issue. "We would like to assure our users that no sensitive information such as financial data or location has been breached," said Hemesh Singh, Co- Founder and CTO, Unacademy.

Encouraged by the profits from the Tokopedia sale, the same group has now listed the databases of 10 more companies.

"Some believe the ShinyHunters group has ties to Gnosticplayers, a hacker group that was active last year that sold more than one billion user credentials on dark web marketplaces, as it operates on a nearly identical pattern," according to the report.

BleepingComputer reported that cyber intelligence firm ZeroFox informed them that Shiny Hunters had begun selling databases for the meal kit delivery service HomeChef, photo print service ChatBooks, and Chronicle.com, a news source for higher education.