| Names | ShinyHunters (self given) |
| Country | [Unknown] |
| Motivation | Financial gain |
| First seen | 2020 |
| Description | (ZeroFOX) ShinyHunters is taking a page out of the book of Gnosticplayers, the breach data broker who in 2018-2019 pilfered billions of records from dozens of companies and sold them online. Due to the verification of the Tokopedia breach by multiple researchers and the company itself, ZeroFOX Alpha Team has HIGH confidence that these new breaches are legitimate, and will most likely be available on other breach marketplaces at lower prices in the near future. It is likely that this actor will continue to breach companies and post their content for sale. These tactics proved both successful and profitable for gnosticplayers, and it is likely they will continue to appeal to other breach brokers for these reasons. |
| Observed | |
| Tools used | |
| Operations performed | Jan 2020 | Hacker leaks 40 million user records from popular Wishbone app
<https://www.zdnet.com/article/hacker-selling-40-million-user-records-from-popular-wishbone-app/> |
| Jan 2020 | 25 million user records leak online from popular math app Mathway
<https://www.zdnet.com/article/25-million-user-records-leak-online-from-popular-math-app-mathway/> |
| Mar 2020 | Hacker leaks 15 million records from Tokopedia, Indonesia's largest online store
<https://www.zdnet.com/article/hacker-leaks-15-million-records-from-tokopedia-indonesias-largest-online-store/> |
| Mar 2020 | A hacker claims to have stolen over 500GB of data from Microsoft's private GitHub repositories, BleepingComputer has learned.
<https://www.bleepingcomputer.com/news/security/microsofts-github-account-hacked-private-repositories-stolen/> |
| Mar 2020 | Hackers sell stolen user data from HomeChef, ChatBooks, and Chronicle
<https://www.bleepingcomputer.com/news/security/hackers-sell-stolen-user-data-from-homechef-chatbooks-and-chronicle/> |
| May 2020 | Online learning platform Unacademy has suffered a data breach after a hacker gained access to their database and started selling the account information for close to 22 million users.
<https://www.bleepingcomputer.com/news/security/hacker-sells-22-million-unacademy-user-records-after-data-breach/> |
| Jun 2020 | Havenly discloses data breach after 1.3M accounts leaked online
<https://www.bleepingcomputer.com/news/security/havenly-discloses-data-breach-after-13m-accounts-leaked-online/> |
| Jul 2020 | An allegedly stolen Wattpad database containing 270 million records were being sold in private sales for over $100,000. Now it is being offered for free on hacker forums.
<https://www.bleepingcomputer.com/news/security/wattpad-data-breach-exposes-account-info-for-millions-of-users/> |
| Jul 2020 | Tech unicorn Dave admits to security breach impacting 7.5 million users
<https://www.zdnet.com/article/tech-unicorn-dave-admits-to-security-breach-impacting-7-5-million-users/> |
| Jul 2020 | Promo.com discloses data breach after 22M user records leaked online
<https://www.bleepingcomputer.com/news/security/promocom-discloses-data-breach-after-22m-user-records-leaked-online/> |
| Nov 2020 | ShinyHunters hacker leaks 5.22GB worth of Mashable.com database
<https://www.hackread.com/shinyhunters-hacker-leaks-mashable-database/> |
| Nov 2020 | Popular stock photo service hit by data breach, 8.3M records for sale
<https://www.bleepingcomputer.com/news/security/popular-stock-photo-service-hit-by-data-breach-83m-records-for-sale/> |
| Nov 2020 | Hacker posts 1.9 million Pixlr user records for free on forum
<https://www.bleepingcomputer.com/news/security/hacker-posts-19-million-pixlr-user-records-for-free-on-forum/> |
| Jan 2021 | Hacker leaks full database of 77 million Nitro PDF user records
<https://www.bleepingcomputer.com/news/security/hacker-leaks-full-database-of-77-million-nitro-pdf-user-records/> |
| Jan 2021 | Hacker leaks data of millions of Teespring users
<https://www.zdnet.com/article/hacker-leaks-data-of-millions-of-teespring-users/> |
| Jan 2021 | Bonobos clothing store suffers a data breach, hacker leaks 70GB database
<https://www.bleepingcomputer.com/news/security/bonobos-clothing-store-suffers-a-data-breach-hacker-leaks-70gb-database/> |
| Jan 2021 | Hacker leaks data of 2.28 million dating site users
<https://www.zdnet.com/article/hacker-leaks-data-of-2-28-million-dating-site-users/>
<https://www.riskbasedsecurity.com/2021/01/25/shinyhunters-wave-3-one-hacker-exposes-over-125-million-credentials/> |
| Apr 2021 | Shifting Strategies: ShinyHunters and Known Cyber Threat Actors Change Tactics
<https://www.riskbasedsecurity.com/2021/04/21/shifting-strategies-shinyhunters-and-known-cyber-threat-actors-change-tactics/> |
| Apr 2021 | ShinyHunters dump partial database of broker firm Upstox
<https://www.hackread.com/shinyhunters-broker-firm-upstox-database-leak/> |
| Apr 2021 | Hacker leaks 20 million alleged BigBasket user records for free
<https://www.bleepingcomputer.com/news/security/hacker-leaks-20-million-alleged-bigbasket-user-records-for-free/> |
| May 2021 | ShinyHunters leak database of Indian wedding portal WedMeGood
<https://www.hackread.com/shinyhunters-leak-india-wedmegood-database/> |
| Aug 2021 | AT&T denies data breach after hacker auctions 70 million user database
<https://www.bleepingcomputer.com/news/security/atandt-denies-data-breach-after-hacker-auctions-70-million-user-database/>
<https://www.bleepingcomputer.com/news/security/atandt-confirms-data-for-73-million-customers-leaked-on-hacker-forum/> |
| Dec 2021 | This time, the victim is a Fortune India 500 List company: Mumbai-headquartered Aditya Birla Group (ABG).
<https://www.databreaches.net/major-indian-fashion-retailer-hacked-and-data-leaked/> |
| Jun 2023 | BreachForums Returns Under the Control of ShinyHunters Hackers
<https://www.hackread.com/breachforums-returns-with-shinyhunters-hackers/>
<https://www.databreaches.net/confused-about-the-drama-with-the-new-breachforums-reading-this-will-either-help-you-or-make-your-head-spin/> |
| Aug 2023 | Pizza Hut Australia customer data hacked; ShinyHunters claims to have more than 1 million customers’ information
<https://www.databreaches.net/pizza-hut-australia-customer-data-hacked-shinyhunters-claims-to-have-more-than-1-million-customers-information/> |
| May 2024 | ShinyHunters claims Santander breach, selling data for 30M customers
<https://www.bleepingcomputer.com/news/security/shinyhunters-claims-santander-breach-selling-data-for-30m-customers/> |
| May 2024 | Data of 560 million Ticketmaster customers for sale after alleged breach
<https://www.bleepingcomputer.com/news/security/data-of-560-million-ticketmaster-customers-for-sale-after-alleged-breach/> |
| May 2024 | BreachForums Returns Just Weeks After FBI Seizure - Honeypot or Blunder?
<https://thehackernews.com/2024/05/breachforums-returns-just-weeks-after.html> |
| Counter operations | Jun 2022 | Alleged member of ShinyHunters held in Morocco on Interpol Red Notice, U.S. seeking extradition
<https://www.databreaches.net/alleged-member-of-shinyhunters-held-in-morocco-on-interpol-red-notice-u-s-seeking-extradition-reports/> |
| Sep 2023 | French cybercriminal pleads guilty to fraud and aggravated identity theft for hacking private information
<https://www.justice.gov/usao-wdwa/pr/french-cybercriminal-pleads-guilty-fraud-and-aggravated-identity-theft-hacking-private> |
| Jan 2024 | ShinyHunters member gets 3 years in prison for breaching 60 firms
<https://www.bleepingcomputer.com/news/security/shinyhunters-member-gets-3-years-in-prison-for-breaching-60-firms/> |
| May 2024 | FBI seize BreachForums hacking forum used to leak stolen data
<https://www.bleepingcomputer.com/news/security/fbi-seize-breachforums-hacking-forum-used-to-leak-stolen-data/> |
| Information | <https://www.zerofox.com/blog/shinyhunters-breach/>
<https://www.bleepingcomputer.com/news/security/hacker-group-floods-dark-web-with-data-stolen-from-11-companies/>
<https://www.zdnet.com/article/a-hacker-group-is-selling-more-than-73-million-user-records-on-the-dark-web/>
<https://www.bleepingcomputer.com/news/security/hacker-leaks-386-million-user-records-from-18-companies-for-free/>
<https://www.bankinfosecurity.com/anatomy-breach-criminal-data-brokers-hit-dave-a-14715>
<https://www.bankinfosecurity.com/blogs/data-breaches-shinyhunters-dominance-continues-p-2998>
<https://www.helpnetsecurity.com/2024/03/07/shinyhunters-group/>
<https://unit42.paloaltonetworks.com/shinyhunters-ransomware-extortion/> |
Other threat group: ShinyHunters
