A new wave of data breaches has emerged as reports of millions of records stolen from different firms surface online. The details reveal that the same threat actor group, ShinyHunters, has targeted all the data breach victims.
ShinyHunters Conducting Different Data Breach Incidents
Over the past few days, numerous data breach reports have surfaced online, all of which link back to the threat actors ShinyHunters. The attackers do not stop at stealing the data; they swiftly move on to sell it on the dark web as well.
Below is a quick overview of some of the major breaches that the companies disclosed recently. They aren't the only incidents, though: the attackers have previously hacked many other organizations as well. Before these disclosures, the attackers even put the data of 17 victim firms on sale via a broker.
Animal Jam Data Breach
Kids' online game Animal Jam disclosed a data breach recently via a security update. Reportedly, the breach affected nearly 46 million user accounts, leaking login credentials (user names and hashed passwords), parent names, IP addresses, dates of birth, and physical addresses.
According to Bleeping Computer, the breached data also included 7 million unique email addresses. The WildWorks CEO told Bleeping Computer that the attackers might have compromised the firm’s Slack server to obtain the AWS key.
123rf.com Data Breach
Right after Animal Jam, the stock image website 123RF.com confirmed that a cyber attack had hit the service. Separate media sources confirmed the breach after coming across samples of the data stolen from the service.
Following the disclosure, the vendor also confirmed the incident to Bleeping Computer.
As per reports, the breach affected over 8 million customers, leaking their names, email addresses, contact numbers, physical addresses, IP addresses, PayPal (where used), and MD5-hashed passwords, which are very easy to crack.
Pluto TV Data Breach
More recently, Bleeping Computer confirmed a third data breach from the same trail. This time, the incident hit the TV service Pluto TV.
The data breach affected around 3.2 million customers. The leaked details included users' email addresses, names, dates of birth, device platforms, IP addresses, and bcrypt-hashed passwords.
While Pluto TV had not explicitly confirmed the incident at the time of writing, it has promised to investigate the claims.
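The 123RF and Pluto TV dumps differ in how passwords were stored: MD5 digests in one, bcrypt in the other. The following is an added example, not code from the original article or from any of the affected firms, showing how a service operator could audit its own credential table for weak storage; the function names, the `MIN_BCRYPT_COST` policy value and the sample rows are assumptions made for illustration.

```python
import hashlib
import re
from collections import Counter

# bcrypt modular-crypt format: $2b$<cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(r"^\$2[abxy]\$(\d{2})\$[./A-Za-z0-9]{53}$")
MD5_RE = re.compile(r"^[0-9a-fA-F]{32}$")
MIN_BCRYPT_COST = 12  # assumed policy threshold, tune to your own hardware


def classify(stored):
    """Return (scheme, needs_rehash) for one stored password value."""
    m = BCRYPT_RE.match(stored)
    if m:
        return "bcrypt", int(m.group(1)) < MIN_BCRYPT_COST
    if MD5_RE.match(stored):
        return "md5-like", True  # fast 128-bit hex digest, no visible salt
    return "unknown", True       # plaintext or unrecognised: treat as unsafe


def audit(rows):
    """rows: iterable of (user, stored_value). Returns a summary dict."""
    rows = list(rows)
    schemes = Counter()
    rehash = []
    for user, stored in rows:
        scheme, needs = classify(stored)
        schemes[scheme] += 1
        if needs:
            rehash.append(user)
    # Unsalted digests repeat whenever two users choose the same password.
    seen = Counter(s.lower() for _, s in rows if MD5_RE.match(s))
    shared = sorted(u for u, s in rows if seen[s.lower()] > 1)
    return {"schemes": dict(schemes), "rehash": sorted(rehash),
            "shared_hash": shared}


def _md5(password):
    return hashlib.md5(password.encode()).hexdigest()


# Constructed sample rows; the bcrypt strings are format-valid placeholders,
# not real hashes.
SAMPLE = [
    ("alice", _md5("sunshine1")),
    ("bob", _md5("sunshine1")),      # same password, so the same digest
    ("carol", "$2b$12$" + "A" * 53),
    ("dave", "$2b$08$" + "B" * 53),  # bcrypt, but cost below the policy
    ("erin", "hunter2"),             # stored in plaintext
]
```

Accounts listed under `rehash` are candidates for a forced reset or for re-hashing with a slow, salted scheme at next login.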
Data Sold On Dark Web
Before these three incidents, we heard of a cyber attack on Singapore’s e-commerce site Lazada RedMart affecting 1.1 million users.
Whether it is about RedMart or the subsequent victims, the attacks always link back to the same threat actor group ShinyHunters.
Besides, in almost every case, the firms didn't disclose the incident themselves. Rather, the matter caught attention after the data was put up for sale on the dark web. The attackers do not do this themselves; instead, a third-party broker (apparently) dumps the data while crediting ShinyHunters.
Regardless of what details come up from the firms, and whether or not the victim firms inform the customers, the dumped data clearly shows that the attackers have managed to pilfer a huge treasure trove of data, which would supposedly include chunks of new information.
What's risky is that the database almost always includes the passwords, either hashed or in plaintext.
Fortunately, HaveIBeenPwned has added the recent data dumps to its site. Therefore, every internet user should now check whether they appear in the latest breached data. If they do, they should reset their login details.
Even if not, it's still better to reset the passwords of every account you maintain on any online service to, at the very least, keep the accounts safe from misuse.