Cyber Incident Victim: ChatBooks
Date: May 2020
Location: United States of America
Summary
A cybercriminal group known as Shiny Hunters compromised the photo print service ChatBooks, stealing approximately 15 million user records containing email addresses, SHA-512 hashed passwords, social media access tokens, and personally identifiable information. The stolen database was advertised for sale at $2,000 on dark web forums alongside breaches impacting HomeChef and Chronicle.com, collectively exposing 26 million accounts. Researchers confirmed the legitimacy of these breaches, noting the data included sensitive details like partial social security numbers and IP addresses across the affected services. The hackers' initial attempt to sell the ChatBooks database was unsuccessful, but they were expected to relist it elsewhere at reduced prices, consistent with their pattern of selling multiple high-profile datasets.
Description
On or around May 3, 2020, the hacker group Shiny Hunters advertised a database allegedly stolen from photo print service ChatBooks for sale on a dark web forum. The group, previously linked to breaches at Tokopedia, Unacademy, and Microsoft’s private GitHub repositories, listed 15 million user records with an asking price of $2,000. A sample provided by the hackers revealed the compromised data included email addresses, passwords hashed using the SHA-512 algorithm, social media access tokens, and unspecified personally identifiable information (PII). The same group simultaneously offered databases from Chronicle.com (3 million records for $1,500) and later HomeChef (8 million records for $2,500), collectively exposing 26 million accounts across the three organizations. Digital risk protection firm ZeroFox identified the listings and assessed with high confidence that the breaches were legitimate.

The ChatBooks database remained unsold on the initial forum as of May 8, 2020, with no public confirmation of transactions. ZeroFox analysts noted the absence of buyers increased the likelihood of the data being relisted on other markets at reduced prices. The exposure of SHA-512 hashed passwords posed risks of offline cracking attempts to recover plaintext credentials, while social media tokens could enable unauthorized access to linked accounts. The inclusion of PII in the sample indicated potential identity theft or phishing risks for affected users. Researchers warned that Shiny Hunters’ operational pattern suggested ongoing breaches and future sales of additional databases, mirroring tactics used by other threat actors. No details were disclosed regarding ChatBooks’ internal detection mechanisms, containment measures, or public statements about the incident in the available source material.
