ETDA ThaiCERT

Threat Group Cards: A Threat Actor Encyclopedia

Other threat group: ShinyHunters

Names: ShinyHunters (self given)
Country: [Unknown]
Motivation: Financial gain
First seen: 2020
Description: (ZeroFOX) ShinyHunters is taking a page out of the book of Gnosticplayers, the breach data broker who in 2018-2019 pilfered billions of records from dozens of companies and sold them online. Due to the verification of the Tokopedia breach by multiple researchers and the company itself, ZeroFOX Alpha Team has HIGH confidence that these new breaches are legitimate, and will most likely be available on other breach marketplaces at lower prices in the near future. It is likely that this actor will continue to breach companies and post their content for sale. These tactics proved both successful and profitable for gnosticplayers, and it is likely they will continue to appeal to other breach brokers for these reasons.
Observed:
Tools used:
Operations performed:
Jan 2020: Hacker leaks 40 million user records from popular Wishbone app
<https://www.zdnet.com/article/hacker-selling-40-million-user-records-from-popular-wishbone-app/>
Jan 2020: 25 million user records leak online from popular math app Mathway
<https://www.zdnet.com/article/25-million-user-records-leak-online-from-popular-math-app-mathway/>
Mar 2020: Hacker leaks 15 million records from Tokopedia, Indonesia's largest online store
<https://www.zdnet.com/article/hacker-leaks-15-million-records-from-tokopedia-indonesias-largest-online-store/>
Mar 2020: A hacker claims to have stolen over 500GB of data from Microsoft's private GitHub repositories, BleepingComputer has learned.
<https://www.bleepingcomputer.com/news/security/microsofts-github-account-hacked-private-repositories-stolen/>
Mar 2020: Hackers sell stolen user data from HomeChef, ChatBooks, and Chronicle
<https://www.bleepingcomputer.com/news/security/hackers-sell-stolen-user-data-from-homechef-chatbooks-and-chronicle/>
May 2020: Online learning platform Unacademy has suffered a data breach after a hacker gained access to their database and started selling the account information for close to 22 million users.
<https://www.bleepingcomputer.com/news/security/hacker-sells-22-million-unacademy-user-records-after-data-breach/>
Jun 2020: Havenly discloses data breach after 1.3M accounts leaked online
<https://www.bleepingcomputer.com/news/security/havenly-discloses-data-breach-after-13m-accounts-leaked-online/>
Jul 2020: An allegedly stolen Wattpad database containing 270 million records was being sold in private sales for over $100,000. Now it is being offered for free on hacker forums.
<https://www.bleepingcomputer.com/news/security/wattpad-data-breach-exposes-account-info-for-millions-of-users/>
Jul 2020: Tech unicorn Dave admits to security breach impacting 7.5 million users
<https://www.zdnet.com/article/tech-unicorn-dave-admits-to-security-breach-impacting-7-5-million-users/>
Jul 2020: Promo.com discloses data breach after 22M user records leaked online
<https://www.bleepingcomputer.com/news/security/promocom-discloses-data-breach-after-22m-user-records-leaked-online/>
Information:
<https://www.zerofox.com/blog/shinyhunters-breach/>
<https://www.bleepingcomputer.com/news/security/hacker-group-floods-dark-web-with-data-stolen-from-11-companies/>
<https://www.zdnet.com/article/a-hacker-group-is-selling-more-than-73-million-user-records-on-the-dark-web/>
<https://www.bleepingcomputer.com/news/security/hacker-leaks-386-million-user-records-from-18-companies-for-free/>
<https://www.bankinfosecurity.com/anatomy-breach-criminal-data-brokers-hit-dave-a-14715>

Last change to this card: 03 August 2020


Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
