ChatBooks confirms Data Breach as Hackers sell 15 million User records on Dark Web
What is ChatBooks?
ChatBooks is a mobile app that creates photo books using your digital photos. You can customize a book, subscribe to an Instagram series, or make a book filtered by a specific hashtag. It’s really the easiest way to create a photo book!
Chatbooks are photo books for people who don’t have time to make photo books. A fast and affordable way to get photos off of your phone and into your hands. Easily add, edit, and rearrange your favorite photos to create a beautiful photo book.
Recently, ChatBooks informed its users they faced a cyber attack and millions of user records are stolen. About 15 million of user reports are being sold on DarkWeb after the attack.
Also Read: What is Dark Web? What is the Deep Web?
The attack was been executed by the Shiny Hunters hacker group. The Group started to sell the user reports on 3rd May 2020 on DarkWeb. Shiny Hunters asked $2000 (Rs. 1,50,000 approx) for 15 million rows of user reports. They provided a sample with email addresses, hashed passwords (SHA-512), social media access tokens, and personally identifiable information.
The customers received a notification of the breach on 8th May 2020, saying that the hackers stole login credentials to the service, names, email addresses, and passwords (salted and hashed). The company informed that payment or credit card information was not present in their database, so it was not impacted. Also, there is no evidence to suggest that personal data, like photos, was stolen.
According to the notification, the company learned about the intrusion on Tuesday, May 5, two days after the hackers started advertising ChatBooks user records on a dark web market. Based on forensic investigation, the breach occurred on March 26.
However, The breach is a part of 11 other companies attacked by Shiny Hunters, as they are selling over 73 million user reports on DarkWeb.
Moreover, as the breach leaks user credentials, the company said to their users to change the passwords of their accounts as soon as possible to avoid the leak.