ShinyHunters


ShinyHunters is a black-hat criminal hacker group that is believed to have formed in 2020 and is said to have been involved in numerous data breaches. The stolen information is often sold on the dark web. [1] [2]


Name and alias

The group's name is believed to derive from shiny Pokémon, a mechanic in the Pokémon video game franchise in which a Pokémon has a rare chance of appearing in an alternate, "shiny" colour scheme; such Pokémon are prized and considered elusive by players. [3] The avatar of a Twitter profile tied to the group is a picture of a shiny Pokémon. [3]

Notable data breaches

Other data breaches

The following are other breaches that have been credited to, or allegedly carried out by, ShinyHunters, with the estimated number of user records affected in each case. [26] [27] [28]

Lawsuits

The ShinyHunters group is under investigation by the FBI and by the Indonesian and Indian police over the Tokopedia breach. Tokopedia's CEO and founder confirmed this in a statement on Twitter. [39] [40]

Minted reported the group's breach of its systems to US federal law enforcement; the investigation is underway. [41]

Court filings in California show that the ShinyHunters breach led to a class-action lawsuit against Mammoth Media, the maker of the Wishbone app. [42]

Animal Jam stated that it was preparing to report ShinyHunters to the FBI Cyber Task Force and to notify all affected users by email. It also created a "Data Breach Alert" page on its site to answer questions about the breach. [43]

BigBasket filed a First Information Report (FIR) on November 6, 2020, to the Bengaluru Police to investigate the incident. [44]

Dave also opened an investigation into the breach of its systems. The investigation is ongoing, and the company is coordinating with local law enforcement and the FBI. [45]

Wattpad stated that it reported the incident to law enforcement and engaged third-party security experts to assist with its investigation. [46]

Arrests

In May 2022, Sébastien Raoult, a French programmer suspected of belonging to the group, was arrested in Morocco and extradited to the United States. He faced 20 to 116 years in prison. [47] [48]

In January 2024, Raoult was sentenced to three years in prison and ordered to pay five million dollars. [49] Twelve months of the sentence are for conspiracy to commit wire fraud and the remaining twenty-four months for aggravated identity theft. [49] He will serve 36 months of supervised release afterwards. [49] According to the US Attorney's Office for the Western District of Washington, Raoult had worked for the group for more than two years. [49]

References

  1. "ShinyHunters Is a Hacking Group on a Data Breach Spree". Wired. ISSN 1059-1028. Retrieved 2021-01-25.
  2. Cimpanu, Catalin. "A hacker group is selling more than 100 billion user records on the dark web". ZDNet. Retrieved 2021-01-25.
  3. Hernandez, Patricia (2 February 2016). "One Man's Five-Year Quest To Find A Shiny Pokémon". Kotaku. Archived from the original on 16 December 2017. Retrieved 15 December 2017.
  4. "A Notorious Hacker Gang Claims to Be Selling Data on 70 Million AT&T Subscribers". Gizmodo. 21 August 2021. Retrieved 26 August 2023.
  5. "AT&T finally acknowledged the data breach". BleepingComputer. Retrieved 26 August 2023.
  6. "AT&T acknowledges data breach affecting 51 million people". Panda Security. 12 April 2024.
  7. Cimpanu, Catalin. "Hacker leaks 40 million user records from popular Wishbone app". ZDNet. Retrieved 2021-01-25.
  8. "Microsoft's GitHub account breached by threat actors Shiny Hunters". TechGenix. 21 May 2020.
  9. "'Shiny Hunters' bursts onto dark web scene following spate of breaches". SC Media. 8 May 2020.
  10. "Microsoft's GitHub account hacked, private repositories stolen". BleepingComputer.
  11. Deschamps, Tara (2020-07-21). "Wattpad storytelling platform says hackers had access to user email addresses". CTV News. Retrieved 2021-01-25.
  12. "Wattpad warns of data breach that stole user info". CBC News. Retrieved 2021-01-25.
  13. "Wattpad data breach exposes account info for millions of users". BleepingComputer. Retrieved 2021-01-25.
  14. "ShinyHunters hacked Pluto TV service, 3.2M accounts exposed". Security Affairs. 2020-11-15. Retrieved 2021-01-25.
  15. "3 Million Pluto TV Users' Data Was Hacked, But the Company Isn't Telling Them". Vice. 4 December 2020. Retrieved 2021-01-25.
  16. "Animal Jam was hacked, and data stolen; here's what parents need to know". TechCrunch. 16 November 2020. Retrieved 2021-01-25.
  17. "Animal Jam kids' virtual world hit by data breach, impacts 46M accounts". BleepingComputer. Retrieved 2021-01-25.
  18. "ShinyHunters hacker leaks 5.22GB worth of Mashable.com database". 5 November 2020. Retrieved 27 May 2023.
  19. Tribune News Service. "Hacker leaks 1.9 million user records of photo editing app Pixlr". The Tribune (India). Retrieved 2021-01-25.
  20. "Hacker leaks full database of 77 million Nitro PDF user records". BleepingComputer. Retrieved 2021-01-25.
  21. "Bonobos clothing store suffers a data breach, hacker leaks 70GB database". BleepingComputer. Retrieved 2021-01-25.
  22. "Bonobos clothing store suffers a data breach, hacker leaks 70GB database". RestorePrivacy. 11 January 2022. Retrieved 2022-01-11.
  23. "All Santander staff and millions of customers have data hacked". BBC News. Retrieved 2024-07-22.
  24. Zetter, Kim. "Hackers Detail How They Allegedly Stole Ticketmaster Data From Snowflake". Wired. ISSN 1059-1028. Retrieved 2024-07-22.
  25. Zetter, Kim. "AT&T Paid a Hacker $370,000 to Delete Stolen Phone Records". Wired. ISSN 1059-1028. Retrieved 2024-08-04.
  26. Soni, Jitendra (11 May 2020). "ShinyHunters leak millions of user details". TechRadar. Retrieved 2021-01-25.
  27. Fearn, Nicholas (29 July 2020). "386 million user records stolen in data breaches — and they're being given away for free". Tom's Guide. Retrieved 2021-01-25.
  28. ""Shiny Hunters" Hacker Group Keep 73 Mn User Records on Darknet". CISO MAG. 2020-05-11. Retrieved 2021-01-25.
  29. "Amazon, Swiggy's payment processor hit by data breach". The Times of India. Retrieved 2021-01-05.
  30. Cimpanu, Catalin. "A hacker group is selling more than 73 million user records on the dark web". ZDNet.
  31. "ShinyHunters Offers Stolen Data on Dark Web". Dark Reading. 28 July 2020. Retrieved 2021-01-25.
  32. "ShinyHunters Offers Stolen Data on Dark Web". Dark Reading. 28 July 2020.
  33. "ShinyHunters leaked over 386 million user records from 18 companies". Security Affairs. 28 July 2020.
  34. "Promo.com data breach impacts 23 million content creators". The Daily Swig. 28 July 2020.
  35. Taylor, Charlie. "Irish start-up Glofox investigates possible data breach". The Irish Times. Retrieved 2021-01-25.
  36. Binary Defense. "Shiny Hunters Group Selling Data Stolen From 11 Different Companies". Retrieved 27 May 2023.
  37. "Shiny Hunters hackers try to sell a host of user records from breaches". MalwareTips Community.
  38. "ShinyHunters dump partial database of broker firm Upstox". Hackread. 12 April 2021.
  39. "Who are Shiny Hunters?". AndroidRookies. 21 May 2020.
  40. @UnderTheBreach (13 May 2020). "Twitter post" (Tweet) via Twitter. (dead link)
  41. "Minted confirms data breach as Shiny Hunters sell its database". 29 May 2020.
  42. "Wishbone App Maker Mammoth Media Hit with Class Action Over Data Breach Affecting 40 Million Users". ClassAction.org. 4 June 2020.
  43. "Animal Jam kids' virtual world hit by data breach, impacts 46M accounts". BleepingComputer.
  44. "BigBasket, India's Leading Online Supermarket Shopping, Allegedly Breached. Personal Details of Over 20 Million People Sold in Darkweb". Cyble. 7 November 2020.
  45. "Security incident at Dave". A Banking Blog for Humans. 25 July 2020.
  46. "FAQs on the Recent Wattpad Security Incident". Wattpad Help Center.
  47. "Sébastien Raoult, Français incarcéré au Maroc, menacé d'extradition aux Etats-Unis où il risque une lourde peine" [Sébastien Raoult, a Frenchman jailed in Morocco, threatened with extradition to the United States, where he faces a heavy sentence]. Le Monde (in French). 3 August 2022.
  48. "Cybercriminalité: Détenu aux Etats-Unis, le Français Sébastien Raoult espère toujours un "retour en France"" [Cybercrime: Held in the United States, Frenchman Sébastien Raoult still hopes for a "return to France"] (in French). 31 May 2023.
  49. Jones, Connor (2024-01-10). "ShinyHunters chief phisherman gets 3 years, must cough up $5M". The Register. Retrieved 2024-01-12.