{ "id": "717aeacc-d9bf-4302-ab59-0c53fdfd73f1", "created_at": "2026-04-06T00:09:14.947719Z", "updated_at": "2026-04-10T03:24:29.414854Z", "deleted_at": null, "sha1_hash": "c02f88bbf0d143e68dedd760630ab7d539436db2", "title": "Hacker group floods dark web with data stolen from 11 companies", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 3149961, "plain_text": "Hacker group floods dark web with data stolen from 11 companies\r\nBy Lawrence Abrams\r\nPublished: 2020-05-09 · Archived: 2026-04-05 23:44:41 UTC\r\nA hacking group has started to flood a dark web hacking marketplace with databases containing a combined total of 73.2\r\nmillion user records over 11 different companies.\r\nFor the past week, a hacking group known as Shiny Hunters has been busy selling a steady stream of user databases from\r\nalleged data breaches.\r\nIt started last weekend with Tokopedia, Indonesia's largest online store, where a database of over 90 million user records was\r\nbeing sold.\r\nhttps://www.bleepingcomputer.com/news/security/hacker-group-floods-dark-web-with-data-stolen-from-11-companies/\r\nPage 1 of 5\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/hacker-group-floods-dark-web-with-data-stolen-from-11-companies/\r\nPage 2 of 5\n\nVisit Advertiser websiteGO TO PAGE\r\nSoon after, Shiny Hunters began selling a database of 22 million user records for Unacademy, one of India's largest online\r\nlearning platforms. After being contacted by BleepingComputer, the company released a statement that their company was\r\nbreached.\r\nOn Wednesday, Shiny Hunters continued their rampage by claiming to hack into Microsoft's GitHub account earlier this\r\nyear and leaking files from the company's private source code repositories.\r\nMicrosoft GitHub account breach\r\nWhile Microsoft has not officially admitted that their GitHub account was breached, sources have told BleepingComputer\r\nthat the shared data was indeed private repositories only accessible to Microsoft employees.\r\nNow selling user records from 11 data breaches\r\nEarlier this week, BleepingComputer was told by cyber intelligence firm ZeroFox that Shiny Hunters had begun selling\r\ndatabases for the meal kit delivery service HomeChef, photo print service ChatBooks, and Chronicle.com, a news source for\r\nhigher education.\r\nWith the three databases combined, there are a total of 26 million accounts being sold with initial prices for each\r\ndatabase ranging between $1,500 and $2,500. Some of the prices have changed since then (e.g. for the ChatBooks records,\r\nthe initial offer increased to $3,500).\r\nSoon after reporting on these breaches, ChatBooks started sending data breach notifications to their users.\r\nLast night, cyber intelligence firm Cyble told BleepingComputer that Shiny Hunters had started to \"flood the market\" with\r\nnew data breaches from other companies, bringing the total amount of user databases being sold to 11.\r\nhttps://www.bleepingcomputer.com/news/security/hacker-group-floods-dark-web-with-data-stolen-from-11-companies/\r\nPage 3 of 5\n\nCompany User Records Price\r\nTokopedia 91 million $5,000\r\nHomechef 8 million $2,500\r\nBhinneka 1.2 million $1,200\r\nMinted 5 million $2,500\r\nStyleshare 6 million $2,700\r\nGgumim 2 million $1,300\r\nMindful 2 million $1,300\r\nStarTribune 1 million $1,100\r\nChatBooks 15 million $3,500\r\nThe Chronicle Of Higher Education 3 million $1,500\r\nZoosk 30 million $500\r\nFrom samples of user records seen by BleepingComputer, the data breaches look legitimate, but they have not been 100%\r\nconfirmed.\r\nSample user database being sold\r\nAfter being told about the new databases being sold, BleepingComputer had contacted the affected companies but has not\r\nheard back yet.\r\nTo be safe, if you have an account at any of the sites listed above, it is strongly suggested that you change your password to\r\na strong and unique one used only at that site.\r\nIf the same password has been used at other sites, change your password to a unique one there as well.\r\nhttps://www.bleepingcomputer.com/news/security/hacker-group-floods-dark-web-with-data-stolen-from-11-companies/\r\nPage 4 of 5\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/hacker-group-floods-dark-web-with-data-stolen-from-11-companies/\r\nhttps://www.bleepingcomputer.com/news/security/hacker-group-floods-dark-web-with-data-stolen-from-11-companies/\r\nPage 5 of 5", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://www.bleepingcomputer.com/news/security/hacker-group-floods-dark-web-with-data-stolen-from-11-companies/" ], "report_names": [ "hacker-group-floods-dark-web-with-data-stolen-from-11-companies" ], "threat_actors": [ { "id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d", "created_at": "2022-10-25T16:07:24.139848Z", "updated_at": "2026-04-10T02:00:04.878798Z", "deleted_at": null, "main_name": "Safe", "aliases": [], "source_name": "ETDA:Safe", "tools": [ "DebugView", "LZ77", "OpenDoc", "SafeDisk", "TypeConfig", "UPXShell", "UsbDoc", "UsbExe" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434154, "ts_updated_at": 1775791469, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/c02f88bbf0d143e68dedd760630ab7d539436db2.pdf", "text": "https://archive.orkl.eu/c02f88bbf0d143e68dedd760630ab7d539436db2.txt", "img": "https://archive.orkl.eu/c02f88bbf0d143e68dedd760630ab7d539436db2.jpg" } }