Cyber Incident Victim: Revelo.com.br
Date:
Nov 2020
Location:
Brazil
Summary
A threat actor known as ShinyHunters was implicated in a breach involving Revelo.com.br and multiple other entities, with stolen databases subsequently leaked online. The incident stemmed from a dispute between hackers and a buyer who alleged fraudulent exclusivity agreements, leading to retaliatory public data dumps on cybercrime forums. Affected organizations included companies spanning e-commerce, entertainment, and education sectors. While some victims may have been unaware of their compromised status initially, the unauthorized dissemination exposed sensitive user information. The breach highlighted tensions within illicit data markets, where failed transactions prompted retaliatory releases before forum moderators removed the datasets.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
On or around November 12, 2020, threat actor ShinyHunters resumed activity involving the unauthorized distribution of multiple corporate databases. This incident coincided with public disputes within underground forums regarding breached data sales. A forum member alleged financial deception by ShinyHunters and an associate using the alias "ExpertData," claiming payment of tens of thousands of dollars for exclusive access to datasets that were subsequently redistributed contrary to the agreement. Instead of addressing the fraud allegations, forum administrators banned the complainant while allowing the accused parties to remain active. The dispute escalated when the banned individual migrated to a Russian-language cybercrime forum and retaliated by publicly releasing numerous databases without compensation.
The retaliatory data dump included information from Eatigo, Eskimi, Geniusu, Glofox, JoinPiggy, Peatix, Pluto.tv, Nitrogo, and Redmart, among others. These databases were briefly accessible before being deleted from the forum, and the retaliator’s account was deactivated within 24 hours of posting. Concurrently, ShinyHunters independently distributed additional datasets including those from Animal Jam, Storybird, and Homechef. Public reports indicated uncertainty regarding whether all affected organizations were aware of the breaches at the time of exposure. Media outlets including BleepingComputer began investigating the incident, suggesting potential outreach to victimized entities for official responses. The rapid deletion of leaked datasets limited widespread dissemination but did not eliminate risks of secondary redistribution through other channels.