By 
As many as 10 companies claim to have been violated by a hacker group ShinyHunters, which is currently selling their respective user records on a dark web marketplace for unlawful products.
It’s the same group that breached last week Tokopedia, Indonesia’s largest online store. Criminals firstly leaked 15 million user records online, for free, but subsequently put the company’s complete record of 91 million users on sale for $5,000.
The same group, emboldened by the profits from the Tokopedia sale, has, during the recent few days, registered the records of 10 more companies.
The listed records total for 73.2 million users, which the is being sold for about $18,000. Each database will be sold separately.
The group has shared samples from some of the pilfered databases, which has been verified to include genuine user records — for the samples where user details were provided.
The legitimacy of some of the registered records cannot be confirmed at the moment; nevertheless, sources in the threat intelligence community believe ShinyHunters is a genuine threat actor.
Some are of the view the ShinyHunters group has links with Gnosticplayers, a hacker group that was active in 2019, and which sold more than one billion user identifications on dark web marketplaces, as it runs on a virtually identical design.
Victim organizations all week have also bee contacted, as the hacker has been putting their databases online for sale.
When this piece was being written, the company formally announced a security breach on its website.
