The dark web with more than 160 million user records up for sale
From news websites to online marketplaces, eleven companies already have their user databases
Recently, over 164 million user records have been stolen from about 11 companies. And these data
have been placed for sale on the dark web. A cybercriminal collective, Shiny Hunters, has been
peddling the data for a whooping sum of US$23,100 in total.
The largest online store in Indonesia, Tokopedia, has about 91 million user records stolen and placed
for sale in early May. Later on, BleepingComputer got news from several cyber-threat intelligence
companies that Shiny Hunters are already taking up records from new data breaches.
Some of these records include photo print service Chatbooks, HomeChef, for home meal-kit delivery
service, and college-oriented news website, chronicle.com. Most of the data consists of phone
numbers, email addresses, names, password hashes, and much other personal information. The
hackers did not show prejudice, picking the eleven companies from different parts of the world. The
most notable areas were the United States and Asia.
· Tokopedia , 91 million records for US$5,000
· Chatbooks , 15 million records for US$3,500
· Styleshare , 6 million records for US$2,700
· Homechef , 8 million records for US$2,500
· Minted, 5 million records for US$2,500
· The Chronicle of Higher Education, 3 million records for US$1,500
· Mindful, 2 million records for US$1,300
· Ggumim , 2 million records for US$1,300
· Bhinneka , 2 million records for US$1,200
· StarTribune , 1 million records for US$1,100
· Zoosk , 30 million records for US$500
One of the affected companies, Chatbooks, has taken action to notify its users about the breach.
And, the others should do the same as they are aware of the data breach.
If you use any of these services, you should change your passwords immediately. You can also
reinforce your accounts with two-factor authentication if the website supports it. Then, particularly
if you tend to reuse a password, try to strengthen the security around your other accounts.
In the meantime, Shiny Hunters have claimed to be responsible for hacking Microsoft’s GitHub
accounts. They then threatened to release the private projects they stole. According to an unnamed
employee at Microsoft, the information about the breach was true. However, the Redmond giant
hasn’t confirmed if their GitHub account has been breached.