Cyber Incident Victim: Indaba Music
Date:
Nov 2020
Location:
United States of America
Summary
A threat actor leaked databases from multiple organizations, including Indabamusic.com, following a forum dispute over an alleged fraudulent data sale. The incident involved a buyer who paid for exclusive access but later publicly distributed the datasets after being banned from the platform. The leaked information was briefly available on a Russian-language forum before being removed, with the involved account subsequently deactivated. Reports indicated some affected entities may not have been initially aware of the compromise.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
A cyber incident occurred when a threat actor known as ShinyHunters dumped a slew of new databases, including the Indabamusic.com database, after a dispute over an exclusive data sale. The buyer had paid tens of thousands of dollars for the data, but the seller distributed it anyway. This incident highlights the risks and challenges associated with buying and selling sensitive data on the dark web.
According to reports, the buyer had entered into an agreement with ShinyHunters to purchase the data exclusively. However, ShinyHunters allegedly breached this agreement by distributing the data to other parties. This led to a dispute between the buyer and ShinyHunters, with the buyer claiming that they had been scammed. The buyer had paid a significant amount of money for the data, expecting to be the sole owner of the information.
In retaliation, the buyer released the databases for free on a Russian-language forum. This move was likely intended to harm ShinyHunters' reputation and business by making the data widely available and rendering it less valuable. The databases released by the buyer included those from Indabamusic.com, Eatigo, Eskimi, Geniusu, Glofox, JoinPiggy, Peatix, Pluto, Nitrogo, and Redmart. The release of these databases potentially exposed sensitive information about the affected companies and their customers.
The incident highlights the risks associated with buying and selling sensitive data on the dark web. The dark web is a part of the internet that is not indexed by search engines and requires special software to access. It is often used for illicit activities, including the buying and selling of stolen data. However, the lack of regulation and oversight on the dark web means that buyers and sellers are often at risk of being scammed or exploited.
The use of the dark web for buying and selling sensitive data also raises concerns about the security and integrity of the data being sold. The data may have been obtained through illicit means, such as hacking or data breaches, and the buyer may be unwittingly supporting or enabling these activities by purchasing the data.
The incident also highlights the challenges of enforcing agreements and contracts on the dark web. The buyer and ShinyHunters had entered into an agreement, but ShinyHunters allegedly breached this agreement by distributing the data to other parties. This breach of contract was not enforceable through traditional means, and the buyer was left with little recourse.
Furthermore, the incident raises concerns about the impact on the affected companies and their customers. The release of sensitive information about these companies and their customers could have serious consequences, including identity theft, financial loss, and reputational damage. The companies affected by the incident may need to take steps to notify their customers and protect them from potential harm.
The incident involving ShinyHunters and the buyer is a reminder of the risks and challenges associated with the buying and selling of sensitive data on the dark web. The lack of regulation and oversight on the dark web means that buyers and sellers are often at risk of being scammed or exploited, and the data being sold may have been obtained through illicit means. The incident also highlights the challenges of enforcing agreements and contracts on the dark web, and the potential consequences for the affected companies and their customers.
The buyer's decision to release the databases for free on a Russian-language forum was likely a desperate attempt to harm ShinyHunters' reputation and business. However, this move may have unintended consequences, including the exposure of sensitive information about the affected companies and their customers. The incident serves as a reminder of the need for caution and vigilance when dealing with sensitive data, particularly in the context of the dark web.
The incident involving ShinyHunters and the buyer is a complex and multifaceted issue, with various parties involved and affected. The incident highlights the need for greater awareness and understanding of the risks and challenges associated with the buying and selling of sensitive data on the dark web. It also underscores the importance of protecting sensitive information and preventing its unauthorized disclosure.
The affected companies, including Indabamusic.com, Eatigo, Eskimi, Geniusu, Glofox, JoinPiggy, Peatix, Pluto, Nitrogo, and Redmart, may need to take steps to notify their customers and protect them from potential harm. This could include offering credit monitoring services, providing guidance on how to protect against identity theft, and taking steps to prevent similar incidents in the future.
Overall, the incident involving ShinyHunters and the buyer is a sobering reminder of the risks and challenges associated with the buying and selling of sensitive data on the dark web. It highlights the need for caution, vigilance, and awareness, and the importance of protecting sensitive information and preventing its unauthorized disclosure.