A hacking group ShinyHunters is selling over 73.2 million users records on the dark web according to a report by ZDNet .

According to the report, the hackers are from the same group that had attacked Indonesia’s largest online store Tokopedia.

The e-commerce platform had released a statement that had said that it was investigating a potential data breach after gaining knowledge of claims that the details of millions of its users had been leaked online.

“We found that there had been an attempt to steal data from Tokopedia users,” a spokesman for the company said in a statement as quoted by Reuters .

“However, Tokopedia ensures that crucial information such as passwords remains successfully protected behind encryption,” he had said.

The claims had been first spotted by a data breach monitoring firm Under the Breach that had published Twitter post showing screenshots from an unnamed individual stating that he had acquired the personal details of 15 million Tokopedia users during a March 2020 hack on the website.

According to the report, these hackers belong to the group ShinyHunters. They had initially leaked 15 million user records online for free. The company's entire database consisting of 91 million user records was later put on sale on the dark web for $5,000.

The same group has now put up databases of 10 more companies for sale on the dark web. These records include databases allegedly stolen from organisations such as the dating app, Zoosk, of which the hackers have leaked 30 million user records.

It also includes 15 million user records from printing service Chatbooks, 6 million user records from South Korean fashion platform SocialShare and eight million user records from food deliver service Home Chef among others. It also includes data from media organizations such as health magazine Mindful, US newspaper StarTribune, online newspaper Chronicle of Higher Education and South Korean furniture magazine GGuMim

The listed databases include 73.2 million user records put up on sale for around $18,000 as each database is sold separately, the report said.

ZDNet could not verify the legitimacy of some records however, certain samples matched real records from previous data breaches. Data monitoring firms have also identified the legitimacy of the hacker group.

Chatbooks, one of the organisations whose data has been breached had formally announced a security breach on its website.

comment COMMENT NOW