Hacker group floods dark web with data stolen from 11 companies
By Lawrence Abrams
Published: 2020-05-09 · Archived: 2026-04-05 23:44:41 UTC
A hacking group has started to flood a dark web hacking marketplace with databases containing a combined total of 73.2
million user records over 11 different companies.
For the past week, a hacking group known as Shiny Hunters has been busy selling a steady stream of user databases from
alleged data breaches.
It started last weekend with Tokopedia, Indonesia's largest online store, where a database of over 90 million user records was
being sold.
https://www.bleepingcomputer.com/news/security/hacker-group-floods-dark-web-with-data-stolen-from-11-companies/
Page 1 of 5

0:00
https://www.bleepingcomputer.com/news/security/hacker-group-floods-dark-web-with-data-stolen-from-11-companies/
Page 2 of 5

Visit Advertiser websiteGO TO PAGE
Soon after, Shiny Hunters began selling a database of 22 million user records for Unacademy, one of India's largest online
learning platforms. After being contacted by BleepingComputer, the company released a statement that their company was
breached.
On Wednesday, Shiny Hunters continued their rampage by claiming to hack into Microsoft's GitHub account earlier this
year and leaking files from the company's private source code repositories.
Microsoft GitHub account breach
While Microsoft has not officially admitted that their GitHub account was breached, sources have told BleepingComputer
that the shared data was indeed private repositories only accessible to Microsoft employees.
Now selling user records from 11 data breaches
Earlier this week, BleepingComputer was told by cyber intelligence firm ZeroFox that Shiny Hunters had begun selling
databases for the meal kit delivery service HomeChef, photo print service ChatBooks, and Chronicle.com, a news source for
higher education.
With the three databases combined, there are a total of 26 million accounts being sold with initial prices for each
database ranging between $1,500 and $2,500. Some of the prices have changed since then (e.g. for the ChatBooks records,
the initial offer increased to $3,500).
Soon after reporting on these breaches, ChatBooks started sending data breach notifications to their users.
Last night, cyber intelligence firm Cyble told BleepingComputer that Shiny Hunters had started to "flood the market" with
new data breaches from other companies, bringing the total amount of user databases being sold to 11.
https://www.bleepingcomputer.com/news/security/hacker-group-floods-dark-web-with-data-stolen-from-11-companies/
Page 3 of 5

Company User Records Price
Tokopedia 91 million $5,000
Homechef 8 million $2,500
Bhinneka 1.2 million $1,200
Minted 5 million $2,500
Styleshare 6 million $2,700
Ggumim 2 million $1,300
Mindful 2 million $1,300
StarTribune 1 million $1,100
ChatBooks 15 million $3,500
The Chronicle Of Higher Education 3 million $1,500
Zoosk 30 million $500
From samples of user records seen by BleepingComputer, the data breaches look legitimate, but they have not been 100%
confirmed.
Sample user database being sold
After being told about the new databases being sold, BleepingComputer had contacted the affected companies but has not
heard back yet.
To be safe, if you have an account at any of the sites listed above, it is strongly suggested that you change your password to
a strong and unique one used only at that site.
If the same password has been used at other sites, change your password to a unique one there as well.
https://www.bleepingcomputer.com/news/security/hacker-group-floods-dark-web-with-data-stolen-from-11-companies/
Page 4 of 5

Automated Pentesting Covers Only 1 of 6 Surfaces.
Automated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the
other.
This whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic
questions for any tool evaluation.
Source: https://www.bleepingcomputer.com/news/security/hacker-group-floods-dark-web-with-data-stolen-from-11-companies/
https://www.bleepingcomputer.com/news/security/hacker-group-floods-dark-web-with-data-stolen-from-11-companies/
Page 5 of 5