DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

“ShinyHunters” lists more than 160 million user records from 11 companies for sale on dark web

Posted on May 10, 2020 by Dissent

A new individual or group that appears to be a reincarnation of GnosticPlayers is offering millions of user records for sale on the dark web.

The records offered by “ShinyHunters” on a well-known dark web market appear to come from 11 firms.

Listings by ShinyHunters on Empire Market as of May 9, 2020.

The firms listed by ShinyHunters include Tokopedia (91 Million), HomeChef (8 Million), Bhinneka (1.2 Million), Minted (5 Million), StyleShare (6 Million), Ggumim (2 Million), Mindful (2 Million), Star Tribune (1 Million), Chatbooks (15 Million), Chronicle of Education (3 Million), and Zoosk (30 Million).

Although Tokopedia and Chatbooks have confirmed that they had breaches, for the most part, the other entities listed have yet to confirm or dispute any claimed hacks.  In the past, hackers had claimed to hack Zoosk, but the firm had denied the claims. The current listing offers no sample records but claims to have 30 million records with no hashes, with the structure of the users table offered as the only proof. Zoosk was not immediately available to respond to this site’s inquiry about the claim. Proof for other listings also generally consisted of structure or fields without actual personal info.

Who is ShinyHunters?

The group known as “ShinyHunters” first appeared under that alias on RaidForums on April 17, 2020.  A companion Twitter account, @sh_corp opened in January, 2020, as did the ShinyHunters dark web account.

The 11 firms currently listed on the dark web market are not the only hacks or dumps attributed to this group. They have also listed other databases on RaidForums as ShinyHunters: ActionNetwork.com (693k), Bitrewards.com (547k), and Ulmon.com (1m).

In addition to databases listed under their name, there are other databases or dumps that have also been attributed to them. The recently disclosed Unacademy breach, which has also been attributed to the same threat actors by ZeroFox Alpha Team, is not listed as part of their sale offerings.

ShinyHunters have also been linked to another account on RaidForums that listed 500 GB of Microsoft’s private source code. That account calls itself “fs0c131y,” using the well-known Twitter identity of a French security researcher (Elliot Alderson). The RaidForums fs0c131y account links to the the ShinyHunters Twitter account and not Alderson’s Twitter account.

Why ShinyHunters or one particular member of ShinyHunters has a grudge against @fs0c131y on Twitter is unclear, but one of their posts on Raid Forums mocked the researcher’s Twitter account:

Fighting FOIA at fs0c131y. Utterly schizophrenic. Taking pleasure to publicly bully and humiliate beginners on Twitter, toxic information security dumbass, decided to upload whole Microsoft source code taken from its Github.
48GB using 7z compression, just enough to store on the cloud.
Black hat. Freedom of doing illegal things isn’t dead.
Enjoy

Prior to calling themelf “fs0c131y” on RaidForums, the same user had called themself “whysodank.”  Like at least two members of the former GnosticPlayers, whysodank favored jabber.ua as their Jabber server.

Regardless of what they call themself or themselves, the new listings are certainly reminiscent of Gnosticplayers, and the recent listing of Bukapalak  data from a breach that had also linked to Gnosticplayers would be consistent with that hypothesis, even though the listing is not by “ShinyHunters” or “fs0c131y” and has been offered by individuals with various usernames.

While ZeroFox compared ShinyHunters to GnosticPlayers, they did not go so far as to say that Shiny Hunters is the same threat actor(s) formerly known as GnosticPlayers.  DataBreaches.net strongly suspects that Shiny Hunters *is* the threat actor(s) formerly known as GnosticPlayers — in particular, one specific individual who had been known as “NSFW.”

NSFW disappeared from public spaces in January after Vinny Troia had publicly accused NSFW of involvement in numerous criminal hacks. At the time, Troia seemed to think that NSFW was going to turn himself into law enforcement or be arrested soon. Neither appears to have occurred, and a new account on RaidForums called “Vinny Troia” that seems intended to harm Troia’s reputation could be the spiteful work of NSFW. Then again, it might be any of a number of other people whom Troia has accused of criminal conduct. Troia believes that people are vindictive because he is right in his accusations. They might also be ticked off because he is wrong in some cases. DataBreaches.net believes that Troia has made several errors in his attributions, but is waiting to see his alleged proof before responding in more detail.

In the interim, DataBreaches has reached out to one member of the former GnosticPlayers and will update this post is additional information is received.

 

 


Related:

  • PowerSchool commits to strengthened breach measures following engagement with the Privacy Commissioner of Canada
  • Global hack on Microsoft product hits U.S., state agencies, researchers say
  • Premier Health Partners issues a press release about a breach two years ago. Why was this needed now?
  • Bitcoin holds steady as hackers drain over $40 million from CoinCDX, India's top exchange
  • Qantas obtains injunction to prevent hacked data’s release
  • Ransomware attack disrupts Korea's largest guarantee insurer
Category: Business SectorHack

Post navigation

← ‘Our data is secure’: Bukalapak denies reports of user data breach
Managed Service Providers Face Threats From Hackers and Clients →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • PowerSchool commits to strengthened breach measures following engagement with the Privacy Commissioner of Canada
  • Hungarian police arrest suspect in cyberattacks on independent media
  • Two more entities have folded after ransomware attacks
  • British institutions to be banned from paying ransoms to Russian hackers
  • Data breach feared after cyberattack on AMEOS hospitals in Germany
  • Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks
  • Global hack on Microsoft product hits U.S., state agencies, researchers say
  • Inquiry launched after identities of SAS soldiers leaked in fresh data breach
  • UK sanctions Russian cyber spies accused of facilitating murders
  • Michigan ‘ATM jackpotting’: Florida men allegedly forced machines to dispense $107K

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • British government reportedlu set to back down on secret iCloud backdoor after US pressure
  • Idaho agrees not to prosecute doctors for out-of-state abortion referrals
  • As companies race to add AI, terms of service changes are going to freak a lot of people out. Think twice before granting consent!
  • Uganda orders Google to register as a data-controller within 30 days after landmark privacy ruling
  • Meta investors, Zuckerberg reach settlement to end $8 billion trial over Facebook privacy violations
  • ICE is gaining access to trove of Medicaid records, adding new peril for immigrants
  • Microsoft can’t protect French data from US government access

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.
Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report