Cybercrime , Fraud Management & Cybercrime , Fraud Risk Management

Hackers Try to Sell 26 Million Breached Records: Report

Data Apparently Obtained From Three Breaches, ZeroFox Reports
Hackers Try to Sell 26 Million Breached Records: Report

Hackers are attempting to sell a fresh trove of approximately 26 million user records apparently obtained from three data breaches, according to researchers at the security firm ZeroFox.

See Also: How to Build Your Cyber Recovery Playbook

The data, which includes personally identifiable information, passwords and other user details, apparently comes from data breaches at meal-kit delivery service Home-Chef; photo-printing firm ChatBooks; and The Chronicle of Higher Education, a news website, according to ZeroFox researchers who reviewed the data on a darknet marketplace.

The researchers say they have "high confidence" that the records are legitimate. The records are packaged in three databases with prices ranging from $1,500 to $2,500 each, according to the report.

Shiny Hunters

A hacking group calling itself Shiny Hunters is brokering the sale of these databases, although it's not clear if this group is behind the actual breaches at these three companies, the report notes. The Shiny Hunter group has been tied to a recent breach of 15 million records from Tokopedia, a large Indonesia ecommerce firm, according to ZeroFox.

Bleeping Computer reports that Shiny Hunters hackers claim to have stolen more than 500 GB of data from Microsoft's private GitHub repositories.

A Microsoft spokesperson told Information Security Media Group Friday that's it aware of the claim and is investigating.

Databases for Sale

In one database that the ZeroFox researchers found for sale on the darknet for $2,500, hackers were selling approximately 8 million records portrayed as coming from HomeChef. This includes an entry that contains the last four digits of users' Social Security numbers.

In addition, the database contains personally identifiable information such as phone numbers, ZIP codes, emails, IP addresses as well as passwords that are hashed using the Bycrypt algorithm. A sample of the records was posted on a dark net website by Shiny Hunters with the title "First Stage: Homechef [8M]," according to the ZeroFox report.

Advertisement for stolen data from HomeChef breach for sale on the darknet (Source:ZeroFox)

A second database contained 15 million rows of records portrayed as coming from the Chatbooks breach, according to the report. This data set includes email addresses, social media access tokens, passwords hashed with the SHA-512 function as well as other personally identifiable information. The asking price for this database was also $2,500, the researchers note.

The hacker group also is trying to sell 3 million records it says were from The Chronicle of Higher Education breach, but it did not post a sample or mention the type of the information that is available, according to the ZeroFox report. The researchers say that database is priced at $1,500.

About the Author

Ishita Chigilli Palli

Ishita Chigilli Palli

Senior Correspondent, Global News Desk

As senior correspondent for Information Security Media Group's global news desk, Ishita covers news worldwide. She previously worked at Thomson Reuters, where she specialized in reporting breaking news stories on a variety of topics.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.