Meet Shiny Hunters, the latest hacking group to make it big on Dark Web hacker forums
Shiny Hunters, the group that grabbed headlines in May 2020 with a series of hackings and selling those leaks on dark web marketplaces. Who are they? In a matter of weeks, the hacking group has managed to hack into Microsoft repository on GitHub, webservers of Tokopedia (91 Million), Unacademy (22 million) HomeChef (8 Million), Bhinneka (1.2 Million), Minted (5 Million), StyleShare (6 Million), Ggumim (2 Million), Mindful (2 Million), Star Tribune (1 Million), Chatbooks (15 Million), Chronicle of Education (3 Million), and Zoosk (30 Million) and 12 other websites.
Shiny Hunters mostly sell their ill-gotten goods on Raid Forums. “ShinyHunters” first appeared under that alias on RaidForums on April 17, 2020. A companion Twitter account, @sh_corp opened in January 2020, as did the ShinyHunters dark web account.
The 11 firms currently listed on the dark web market are not the only hacks or dumps attributed to this group. They have also listed other databases on RaidForums as ShinyHunters: ActionNetwork.com (693k), Bitrewards.com (547k), and Ulmon.com (1m).
Currently they are selling databases of nearly 12 companies on Raid Forum. They have been attributed by ZeroFox Alpha Team for the Unacademy breach but have so far not listed that database on the Raid Forums. BleepingComputer has separately reported that it was contacted by Shiny Hunters, who said they stole over 500GB of data from Microsoft’s repositories with the original intention of selling it, but now instead may publicly leak the records for free.
Shiny Hunters and Elliot Alderson aka fs0c131y
Remember Elliot Alderson aka @fs0c131y aka french security researcher, Robert Baptiste, who recently claimed that the Indian contact tracing App Aarogya Setu was riddled with vulnerabilities. He and Shiny Hunters share some sort of link or grudge. Shiny Hunters have listed some of the above databases including the Microsoft 500GB one under the name @fs0c131y with link to Elliot Alderson’s Twitter account.
Fighting FOIA at fs0c131y. Utterly schizophrenic. Taking pleasure to publicly bully and humiliate beginners on Twitter, toxic information security dumbass, decided to upload whole Microsoft source code taken from its Github.48GB using 7z compression, just enough to store on the cloud.Black hat. Freedom of doing illegal things isn’t dead.Enjoy
Zack Allen of ZeroFox finds them similar to an erstwhile hacking group GnosticPlayers. GnosticPlayers went about on a similar hacking spree and database selling spree a few years back. Before calling themselves “fs0c131y” on RaidForums, they used the handle “whysodank.” GnosticPlayers also used the same handle for dealing in databases. DataBreaches.net strongly suspects that Shiny Hunters is one specific hacker who was earlier known as “NSFW.”
It remains to be seen if Shiny Hunters continue with their hacking spree or they are caught by the long arm of the law. They are under investigation from the FBI as well as Indonesian and Indian police for the hack attacks. We will continue to follow the Shiny Hunters and keep you updated.