IOTW: Shiny Hunters Is The New Threat Actor In Town

Add bookmark
Seth Adler
Seth Adler
05/26/2020

During the first two weeks of May, over 73 million user records across over at least 10 different organizations showed up on the dark web. The hacker group Shiny Hunters claims credit. In fact, Shiny Hunters itself went public with the names of hacked organizations. Of the breached companies, only a few have issued official statements.

Who Responded And Who Didn’t

With more than 140,000 members, Cyber Security Hub is the vibrant community connecting cyber security professionals around the world.

The Dating app Zoosk, whose 30 mn account credentials are being sold on the dark web for $500 a pop, has been radio silent, despite a line in their privacy statement reading, “We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.”

On the other hand, Home Chef, which lost 8 mn user records to the hacker group, released a statement on May 20th. Home Chef lists the compromised data to include email addresses, names, phone numbers, encrypted passwords, and the last four digits of social security and credit card numbers. Home Chef states, “We are taking action to investigate this situation and to strengthen our information security defenses to prevent similar incidents from happening in the future,” and suggests that—although encrypted—users change their password.

Several edtech companies across the globe also fell victim to Shiny Hunters’ hacks. The move to online schooling has increased traffic to edtech sites, and in many cases, the scaling up of security measures to match this new demand has yet to take place.

See Related: Incident Of The Week: How Hackers Are Taking Advantage Of Coronavirus

Shiny Hunters Looking To Make A Name For Themselves

Shiny Hunters also credit themselves with an attack on Microsoft’s GitHub, a software development hosting platform. They claim to have stolen 500 GB of private files from the platform, including code samples, test projects, and eBooks. Microsoft has yet to confirm or deny these allegations, and it is difficult to tell whether or not the released gig of information Shiny Hunters offered up is authentic or not. Still, it is clear that this new player in the cybercrime scene is looking to make a name for itself.  

Hackers benefit from the publicization of breaches both in the media and across popular hacking forums. In fact, in the case of the Shiny Hunters hack, posts were made across internet forums by the group to drum up publicity. The strategy plays into the fears of organizations, and it has been said that corporations quietly strike deals with such groups to remove information from the dark web.

Released Data Can Be Used In More Elaborate Phishing Attempts

Additionally, the stolen data can be used for impersonation purposes. Even though passwords and credit card numbers remain encrypted, personal information can be used for spear-phishing attacks. Spear phishing describes a phishing attempt to a specific individual or entity. It involves more research and customization than a standard phishing scam, which is where personal data comes in handy.

Shiny Hunters promises that the May data dump is only “Stage 1,” openly expressing their lack of concern about getting caught by the media.

See Related: Is BYOD Worth The Risk?

The Shiny Hunter hacks reemphasizes the importance of building a strong cyber security infrastructure before breaches happen. Lax BYOD policies and an increase in the number of employees working from home is a hacker’s dream.