In a significant breach of cybersecurity, a hacker identified as ShinyHunters has leaked an astounding 386 million user records from 18 different companies. This massive release occurred on a popular hacker forum on July 21, 2020, where the actor shared databases taken from various companies that have suffered data breaches.
"These records were leaked for everyone's benefit," stated ShinyHunters when approached for comments about the motivations behind this massive data dump. Such forums are typically notorious for trading stolen information, with sellers often looking to profit from their illicit gains before sharing the data freely to build reputation within the hacking community.
"These records were leaked for everyone's benefit,"
Among the companies affected by this breach are notable names such as Wattpad, Drizly, and Dave. ShinyHunters has been linked to a variety of data breaches over the past year that have involved numerous high-profile companies including Mathway, HomeChef, and even Microsoft's private GitHub repository.
Data that has been leaked typically undergoes a pattern: initially, it is sold at steep prices—ranging from $500 for less valuable databases like Zoosk to as much as $100,000 for more critical breaches like that of Wattpad. After they are deemed no longer profitable, threat actors, as is the case here, release them for free as a strategic move to bolster their reputation in underground circles.
The breaches exposed by ShinyHunters include both previously disclosed and new incidents. Nine of the databases have been reported before, while the remaining nine have not, raising fresh alarms over their vulnerability. Companies such as Havenly, Proctoru, and Scentbird are among those whose breaches have gone unreported until now.
By the Numbers
By the Numbers
By the Numbers
The following table summarizes the data breaches, including the total user records affected:
By the Numbers
By the Numbers
| Company | User Records | Reported Breach Date | Known? | | --- | --- | --- | --- | | Appen.com | 5.8 Million | N/A | No | | Chatbooks.com | 15.8 Million | March 26th, 2020 | Yes | | Dave.com | 7 Million | July 2020 * | Yes | | Drizly.com | 2.4 Million | July 2020 * | No | | GGumim.co.kr | 2.3 Million | March 2020 * | Yes | | Havenly.com | 1.3 Million | June 2020 * | No | | Hurb.com | 20 Million | N/A | Yes | | Indabamusic.com | 475 Thousand | N/A | No | | Ivoy.mx | 127 Thousand | N/A | No | | Mathway.com | 25.8 Million | January 2020 * | Yes | | Proctoru.com | 444 Thousand | N/A | No | | Promo.com | 22 Million | July 2020 | Yes | | Rewards1.com | 3 Million | July 2020 * | No | | Scentbird.com | 5.8 Million | N/A | No | | Swvl.com | 4 Million | N/A | Yes | | TrueFire.com | 602 Thousand | N/A | Yes | | Vakinha.com.br | 4.8 Million | N/A | No | | Wattpad | 270 Million | June 2020 * | Yes | | * Based on threat actor's statements.
By the Numbers
According to analyses performed on samples of these leaked databases, BleepingComputer has validated that a significant number of exposed email addresses match real accounts across the services mentioned. While some of these records do not include passwords, the leak still represents a treasure trove of information that could be exploited by malicious actors.
As organizations continue to battle against cybersecurity threats, breaches of this magnitude prompt urgent calls for enhanced security measures. The implications of such leaks not only concern the individuals whose data has been compromised but also underscore the responsibility businesses have in safeguarding sensitive information.
Moving forward, the cybersecurity landscape will require a concerted effort by both companies and individuals to mitigate risks associated with data breaches. As hackers find new ways to infiltrate systems, remaining vigilant is crucial for ensuring the safety of user information.