Background
Member Login
menu

Hacker Leaked 386 Million User Records Stolen From 18 Companies For Free

29/07/2020

A hacker or group of hackers is giving away copies of databases stolen from various data breaches.

The database is said to contain 386 million user records, stolen from 18 different websites in the past seven months.

The threat actor who goes by the name ShinyHunters, claims to have data.

The hacker that is believed to have been involved in or responsible for numerous data breaches this 2020, including Wattpad, Dave, Chatbooks, Promo.com, Mathway, HomeChef, and the breach of Microsoft private GitHub repository, posted links to the databases on a marketplace used by cybercriminals, where anyone can download them free of charge.

ShinyHunters is believed to have made a large sum of money by selling this data online.

This is considering that before sharing the stolen databases for free, ShinyHunters was selling them with the cheapest databases offered for $500 (Zoosk), while the most valuable was listed at $100,000 (Wattpad).

ShinyHunters leaking databases
Credit: BleepingComputer

Here is the list of the 18 affected companies:

  1. Appen.com - 5.8 million records.
  2. Chatbooks.com - 15.8 million records.
  3. Dave.com - 7 million records.
  4. Drizly.com - 2.4 million records.
  5. GGumim.co.kr - 2.4 million records.
  6. Havenly.com - 1.3 million records.
  7. Hurb.com - 20 million records.
  8. Indabamusic.com - 475,000 records.
  9. Ivoy.mx - 127,000 records.
  10. Mathway - 25.8 million records.
  11. Proctoru.com - 444,000 records.
  12. Promo.com - 22 million records.
  13. Rewards1.com - 3 million records.
  14. Scentbird.com - 5.8 million records.
  15. Swvl.com - 4 million records.
  16. Truefire.com.com - 602,000 records.
  17. Vakinha.com.br - 4.8 million records.
  18. Wattpad - 270 million records.

From the above, 9 companies had not been reported before, noted BleepingComputer.

After viewing some of these databases, BleepingComputer's Lawrence Abrams believes that the data is legitimate because “the exposed email addresses correspond to accounts on the services”.

But still, many of the stolen data has been leaking before, meaning that the free giveaway isn't putting much to the table. This isn't a huge surprise that the hacker is sharing the data for free, considering that they have been out in the public domain for quite some time.

What makes it interesting though according to researchers is that, half of those breaches have not been disclosed. By giving them away for free, it seems that ShinyHunters may not see financial gains as its primary goal.

ShinyHunters was relatively unknown. But after its success hacks and by leaking the millions of users' real names, emails, home addresses, phone numbers, date of birth and many more, by the start of July, its name started becoming a well-known data breach broker.

When reached by BleepingComputer, the hacker said that:

"I just thought: 'I've made enough money now' so I leaked for everyone's benefit. Obviously, some people are a little upset because they paid resellers a few days ago, but I don't care."