ShinyHunters

ShinyHunters is a criminal black-hat hacker group that is believed to have formed in 2020 and is said to have been involved in numerous data breaches. The stolen information is often sold on the dark web.


Name and alias

The name of the group is believed to be derived from shiny Pokémon, a mechanic in the ''Pokémon'' video game franchise where Pokémon have a rare chance of being encountered in an alternate, "shiny" color scheme, with such Pokémon considered elusive to players. The avatar of a Twitter profile tied to the group contains a picture of a shiny Pokémon.


Notable data breaches

* AT&T Wireless: In 2021, ShinyHunters began selling information on 70 million AT&T wireless subscribers, which contained users' phone numbers, personal information and social security numbers. AT&T denied the breach, stating that the information came from a partner service and not directly from them.
* Tokopedia: On 2 May 2020, Tokopedia was breached by ShinyHunters, which claimed to have data for 91 million user accounts, revealing users' gender, location, username, full name, email address, phone number, and hashed passwords.
* Wishbone: Also in May 2020, ShinyHunters leaked the full user database of Wishbone, which is said to contain personal information such as usernames, emails, phone numbers, city/state/country of residence, and hashed passwords.
* Microsoft: In May 2020, ShinyHunters also claimed to have stolen over 500 GB of Microsoft source code from the company's private GitHub account. The group published around 1GB of data from the hacked GitHub account to a hacking forum. Some cybersecurity experts doubted the claims until analyzing the code; upon analysis, ShinyHunters' claims were no longer in question. Microsoft told ''Wired'' in a statement that they are aware of the breach. Microsoft later secured their GitHub account, which was confirmed by ShinyHunters as they reported being unable to access any repositories.
* Wattpad: In July 2020, ShinyHunters gained access to the Wattpad database containing 270 million user records. Information leaked included usernames, real names, hashed passwords, email addresses, geographic location, gender, and date of birth.
* Pluto TV: In November 2020, it was reported that ShinyHunters gained access to the personal data of 3.2 million Pluto TV users. The hacked data included users' display names, email addresses, IP addresses, hashed passwords and dates of birth.
* Animal Jam: It was also reported in November 2020 that ShinyHunters was behind the hack of Animal Jam, leading to the exposure of 46 million accounts.
* Mashable: In November 2020, ShinyHunters leaked 5.22GB worth of the Mashable database on a prominent hacker forum.
* Pixlr: In January 2021, ShinyHunters leaked 1.9 million user records from Pixlr.
* Nitro PDF: In January 2021, a hacker claiming to be a part of ShinyHunters leaked the full database of Nitro PDF, which contains 77 million user records, on a hacker forum for free.
* Bonobos: Also in January 2021, it was reported that ShinyHunters leaked the full Bonobos backup cloud database to a hacker forum. The database is said to contain the address, phone numbers, and order details for 7 million customers; general account information for another 1.8 million registered customers; and 3.5 million partial credit card records and hashed passwords.
* Aditya Birla Fashion and Retail: In December 2021, Indian retailer Aditya Birla Fashion and Retail was breached and ransomed. The ransom demand was allegedly rejected and data containing 5.4M unique email addresses was subsequently dumped publicly on a popular hacking forum the next month. The data contained extensive personal customer information including names, phone numbers, physical addresses, DoBs, order histories and passwords stored as MD5 hashes.
* Mathway: In January of 2020, ShinyHunters breached Mathway, stealing roughly 25 million users' data. Mathway is a popular math app for students that helps solve algebraic equations.


Other data breaches

The following are other hacks that have been credited to or allegedly done by ShinyHunters. The estimated number of user records affected is also given.

* JusPay - 100 million user records
* Zoosk - 30 million user records
* Chatbooks - 15 million user records
* SocialShare - 6 million user records
* Home Chef - 8 million user records
* Minted - 5 million user records
* Chronicle of Higher Education - 3 million user records
* GuMim - 2 million user records
* Mindful - 2 million user records
* Bhinneka - 1.2 million user records
* StarTribune - 1 million user records
* Dave.com - 7.5 million users
* Drizly.com - 2.4 million user records
* Havenly - 1.3 million user records
* Hurb.com - 20 million user records
* Indabamusic - 475,000 user records
* Ivoy.mx - 127,000 user records
* Mathway - 25.8 million user records
* Proctoru - 444,000 user records
* Promo.com - 22 million user records
* Rewards1 - 3 million user records
* Scentbird - 5.8 million user records
* Swvl - 4 million user records
* Glofox - Unknown
* Truefire - 602,000 user records
* Vakinha - 4.8 million user records
* Appen.com - 5.8 million user records
* Styleshare - 6 million user records
* Unacademy - 22 million user records
* Upstox - 111,000 user records
* Aditya Birla Fashion and Retail - 5.4 million user records


Lawsuits

The ShinyHunters group is under investigation by the FBI, the Indonesian police, and the Indian police for the Tokopedia breach. Tokopedia's CEO and founder also confirmed this claim via a statement on Twitter. The company Minted reported the group's hack to US federal law enforcement authorities; the investigation is underway. Administrative documents from California reveal how ShinyHunters' hack has led to Mammoth Media, the creator of the app Wishbone, getting hit with a class-action lawsuit. Animal Jam stated that they are preparing to report ShinyHunters to the FBI Cyber Task Force and notify all affected emails. They have also created a 'Data Breach Alert' on their site to answer questions related to the breach. BigBasket filed a First Information Report (FIR) on November 6, 2020, with the Bengaluru Police to investigate the incident. Dave also initiated an investigation against the group for the company's security breach. The investigation is ongoing and the company is coordinating with local law enforcement and the FBI. Wattpad stated that they reported the incident to law enforcement and engaged third-party security experts to assist them in an investigation.


Arrests

In May 2022, Sébastien Raoult, a French programmer suspected of belonging to the group, was arrested in Morocco and extradited to the United States. He faces 20 to 116 years in prison. (Source: https://www.frenchweb.fr/cybercriminalite-detenu-aux-etats-unis-le-francais-sebastien-raoult-espere-toujours-un-retour-en-france/443296)

