Cyber Incident Victim: Minted

Date: Nov 2020

Location: United States of America

Summary

A threat actor leaked databases from Minted and multiple other companies following a dispute over an alleged breach of exclusivity in a data sale. After paying a significant sum for exclusive access, a buyer accused the actors of distributing the data widely and retaliated by releasing the databases publicly on a Russian-language forum. This unauthorized exposure included sensitive information from several organizations, though the data was swiftly deleted and the involved account deactivated shortly thereafter. The incident highlighted tensions within illicit data markets and resulted in potential breaches for numerous entities.

CIA Posture: Available to members
Motives: 2 motives
Tactics, Techniques & Procedures: 1 technique
Threat Actors: 2 actors
Type: Available to members
Location: Available to members

Description

The incident involving ShinyHunters around November 12, 2020, centered on unauthorized data breaches and subsequent leaks of multiple corporate databases. Threat actors associated with ShinyHunters exfiltrated sensitive information from entities including Animal Jam, Eatigo, Peatix, Redmart, Pluto.tv, Storybird, Homechef, Eskimi, Geniusu, Glofox, JoinPiggy, and Nitrogo. The compromised data was initially offered for sale on underground forums under claims of exclusivity, with one buyer alleging they paid tens of thousands of dollars for sole access. This transaction collapsed when the buyer accused ShinyHunters and a data broker known as "ExpertData" of violating the exclusivity agreement by redistributing the databases after payment.

The dispute escalated when the aggrieved buyer was banned from the original forum instead of the alleged scammers, prompting them to retaliate by leaking databases freely on a Russian-language cybercrime platform. Databases from Eatigo, Eskimi, Geniusu, Glofox, JoinPiggy, Peatix, Pluto, Nitrogo, and Redmart were briefly accessible before being deleted, though the window for downloads appeared limited. The leaker’s forum account was deactivated within 24 hours, curtailing further distribution. Impacted organizations faced potential reputational damage, operational disruption, and regulatory scrutiny, though the article did not confirm whether all entities were aware of the breaches prior to public exposure. No containment efforts, technical mitigations, or victim responses were detailed in the available reporting. The incident underscored persistent challenges in underground data markets, including trust violations among threat actors and the rapid weaponization of stolen data in retaliatory actions.

Sources
1 source (available to members)