Cyber Incident Victim: Scentbird
Date:
Nov 2020
Location:
United States of America
Summary
A threat actor known as ShinyHunters was implicated in a dispute involving a data broker called "ExpertData" over an alleged breach of exclusivity in a database sale, resulting in retaliatory public leaks. The incident affected Scentbird and numerous other entities, including Animal Jam, Eatigo, and Peatix, whose customer databases were subsequently distributed freely on a Russian-language forum after the aggrieved buyer was banned from the original platform. Some impacted organizations may not have been initially aware of the compromise prior to the data dissemination.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
A cyber incident involving the threat actor known as ShinyHunters has come to light, where multiple databases were dumped, including those of Animal Jam, eatigo, Peatix, Redmart, Pluto.tv, Storybird, and Homechef. The incident appears to have started with a dispute between ShinyHunters and a buyer over the sale of exclusive data. The buyer claimed that ShinyHunters and a data broker known as ExpertData had screwed them over by distributing the data after they had paid tens of thousands of dollars for it.
As a result of the dispute, the buyer was banned from the forum where the transaction took place, rather than the alleged scammers. This led to the buyer seeking revenge by giving away the databases for free on a popular Russian-language forum. The databases included sensitive information, and their release has likely caused significant harm to the affected companies and individuals.
The incident highlights the risks of data breaches and the importance of secure data handling practices. It also demonstrates the complexities and challenges of dealing with cyber threats, where the lines between legitimate and illegitimate activities can become blurred. The fact that the buyer was banned from the forum rather than the alleged scammers suggests that there may be inadequate measures in place to prevent and respond to cyber incidents.
The involvement of ShinyHunters in the incident is particularly noteworthy, as this threat actor has been linked to several high-profile data breaches in the past. Their modus operandi appears to involve exploiting vulnerabilities in databases and then selling or releasing the stolen data. This incident is likely to be just one of many that ShinyHunters has been involved in, and it highlights the need for companies and individuals to be vigilant in protecting their data.
The release of the databases has likely caused significant harm to the affected companies and individuals. The data may include sensitive information such as personal identifiable information, financial data, and other confidential information. The release of this data can lead to identity theft, financial fraud, and other malicious activities. It is likely that the affected companies will face significant costs and reputational damage as a result of the incident.
The incident also raises questions about the role of data brokers and the trade in stolen data. ExpertData, the data broker involved in the incident, appears to have played a significant role in the sale and distribution of the stolen data. This highlights the need for greater regulation and oversight of the data broker industry, to prevent the trade in stolen data and to protect individuals and companies from the harm caused by data breaches.
The fact that the buyer was able to obtain the databases and then release them for free on a Russian-language forum suggests that there are inadequate measures in place to prevent and respond to cyber incidents. It is likely that the affected companies will need to take significant steps to respond to the incident, including notifying affected individuals, providing support and compensation, and implementing additional security measures to prevent similar incidents in the future.
The incident also highlights the importance of international cooperation and information sharing in responding to cyber threats. The fact that the buyer was able to release the databases on a Russian-language forum suggests that there may be a global dimension to the incident, and that cooperation between law enforcement agencies and other stakeholders will be necessary to investigate and respond to the incident.
Overall, the cyber incident involving ShinyHunters and the release of multiple databases is a significant and complex incident that highlights the risks and challenges of data breaches. It demonstrates the need for companies and individuals to be vigilant in protecting their data, and for greater regulation and oversight of the data broker industry. It also highlights the importance of international cooperation and information sharing in responding to cyber threats.