A malicious actor known as Shiny Hunters has emerged as a serious dark web player following a spate of high-profile breaches, and now the hacker or hackers is claiming to have stolen data from Microsoft’s private GitHub repositories and is threatening to release the code for free.
According to researchers from ZeroFOX Alpha Team, Shiny Hunters is behind the recently reported breaches of Indonesian e-commerce giant Tokopedia and Indian e-learning platform Unacademy, as well as three new breaches affecting meal kit delivery service Home Chef, online printing and photo store Chatbooks and college-oriented news site Chronicle.com.
For this reason, ZeroFOX has likened Shiny Hunters to gnosticplayers, another prominent hacker or hacking group known for selling stolen data on the dark web from dozens of companies in 2018 and 2019.
“Due to the verification of the Tokopedia breach by multiple researchers and the company itself, ZeroFOX Alpha Team has high confidence that these new breaches are legitimate, and will most likely be available on other breach marketplaces at lower prices in the near future,” ZeroFOX stated in a blog post. “It is likely that this actor will continue to breach companies and post their content for sale. These tactics proved both successful and profitable for gnosticplayers, and it is likely they will continue to appeal to other breach brokers for these reasons.
BleepingComputer has separately reported that it was contacted by Shiny Hunters, who said they stole over 500GB of data from Microsoft’s repositories with the original intention of selling it, but now instead may publicly leak the records for free.
Although the actor posted a sampling of records on a hacker forum, BleepingComputer reported that some forum members doubted the veracity of certain claims. A directory listing and samples sent to BleepingComputer reportedly revealed mostly code samples, test projects, and generic items, but nothing especially worrisome such as source code.
“We’re aware of these claims and are investigating,” said a Microsoft spokesperson.
Earlier this month, it was reported that a hacker was selling roughly 91 million user records stolen from Tokopedia, in a massive breach. And just today, it was reported that an actor was selling the account information of about 22 million users of Unacademy. ZeroFox has now linked that activity to three more breaches, which collectively impact the user data of 26 million accounts. This latest intelligence is based on breach dumps that ZeroFOX has found for sale on a dark web forum.
The HomeChef breach affects approximately 8 million records, a sample set of which was posted to a paste website. The records are selling for $2,500, and impacted information includes email addresses, by crypt passwords, IP addresses, partial SSNs, zip codes and phone numbers.
The stolen Chatbooks information involves 15 million rows of data and is selling on the dark web for $2,000. A sample posted on a paste website reveals email addresses, SHA-512 password hashes, social media access tokens and various PII.
The Chronicle.com breach contains roughly 3 million records, which are collectively selling for $1,500, ZeroFOX said.
SC Media has reached out to Home Chef, Chatbooks and Chronicle.com for comment.