Cyber Incident Victim: Star Tribune

In May 2020, the hacker group Shiny Hunters initiated a widespread data breach campaign by selling stolen user databases on dark web marketplaces. The activity began with the sale of 91 million user records from Tokopedia, Indonesia's largest online marketplace, followed by 22 million records from Unacademy, a major Indian online learning platform. After BleepingComputer contacted Unacademy about the breach, the company confirmed the incident and issued a public statement acknowledging unauthorized access to their systems. Shiny Hunters subsequently claimed responsibility for breaching Microsoft's GitHub account earlier that year, leaking files from private source code repositories. While Microsoft did not officially confirm the GitHub compromise, sources familiar with the matter verified to BleepingComputer that the leaked repositories contained proprietary code accessible only to Microsoft employees.

The group expanded their operations by flooding dark web markets with data from eleven companies, totaling 73.2 million compromised user records. Initial pricing for these databases ranged from $1,500 to $2,500, though some listings like ChatBooks' records later increased to $3,500. Cybersecurity firm Cyble alerted BleepingComputer about the surge in Shiny Hunters' marketplace listings, which included additional unconfirmed breaches beyond the initial three high-profile incidents. ChatBooks began notifying affected users after media reports surfaced, though most targeted companies had not publicly acknowledged breaches or responded to inquiries at the time of reporting. BleepingComputer examined samples of the leaked data and found them consistent with legitimate breaches, though full verification remained pending. The cumulative exposure spanned multiple industries and geographic regions, with compromised credentials posing reuse risks across other platforms where victims maintained accounts.