A hacker forum is being deluged with databases revealing over 386 million user records that is claimed to have been stolen from eighteen companies during data breaches.
ShinyHunters, a seller of data breaks, started leaking the databases for free since July 21st, on a hacker forum known for selling and sharing pilfered data.
The seller has been responsible for an extensive variety of data breaches in 2019, and the breach of Microsoft private GitHub repository.
Records stolen in data breaches typically are privately sold first, with prices ranging between $500 to $100,000. Once they are no longer lucrative, cybercriminals usually release them on hacker forums to raise their community standing.
Nine of the databases that have been released since July 21st were already divulged in some way previously.
From the samples seen of these databases, it is established that the exposed email addresses correspond to accounts on the services.
The collective databases reveal over 386 million user records. While a password is not comprised in every record, for instance, promo.com, there is still a huge amount of information being unveiled that can be used by threat actors.
When asked why they discarded all of these databases, ShinyHunters said they were told that they were leaked for everyone’s advantage.
“I just thought: ‘I’ve made enough money now’ so I leaked for everyone’s benefit.”
“Obviously, some people are a little upset because they paid resellers a few days ago, but I don’t care,” ShinyHunters said.
Although each of the companies ShinyHunters is offering for free were contacted by different publishing groups, there’s been no response from them yet.
If you are a user of one of the services, you should immediately change your password on the site.
If you use the same password at other sites, you are advised to also change the password there to a unique and strong one that you only use for that site.
Using unique passwords averts a data breach at one site from impacting you at other websites you use.