ShinyHunters is a hacker commonly associated to data breaches and was particularly active during 2020. This trend seems to keep going as there are reports of a new data breach affecting 26 companies whose data is being sold in a popular hacking forum.
Among the affected platforms are well-known websites, including Sitepoint.com and others. Nonetheless, it is worth mentioning that most of the affected platforms included already known information; only 7 of them are new incidents.
According to the reports, those interested in buying such information can get free samples before completing a transaction. Once the operation is accorded, buyers must pay between 1800 and 4000 USD using Bitcoin, as the use of cryptocurrency allows those involved to keep their privacy.
About the amount of leaked data, experts consider that there must be over 368 million exposed user records, which poses a risk for people all over the world. The compromised databases were protected using mechanisms such as MD5 or SHA512, which means that these implementations lacked of the appropriate security measures.
MyON.com is an academic platform affected during this incident. After taking a close look at this attack, they stated that students’ personal data was not compromised by the leak. On the other hand, a website called Chqbook.com mentioned that they were not affected. Other sites supposedly affected have no issued any confirmation. It is still unknown if any hacking group is actively exploiting this incident.
Admins of potentially affected platforms are encouraged to implement the appropriate security measures to prevent further information security incidents that could affect their regular users.
He is a cyber security and malware researcher. He studied Computer Science and started working as a cyber security analyst in 2006. He is actively working as an cyber security investigator. He also worked for different security companies. His everyday job includes researching about new cyber security incidents. Also he has deep level of knowledge in enterprise security implementation.