Cyber Incident Victim: Zoosk
Date:
May 2020
Location:
United States of America
Summary
A hacker group known as Shiny Hunters flooded dark web marketplaces with stolen user databases from multiple companies, collectively exposing approximately 73 million records. The breaches impacted at least eleven organizations, including major platforms like Tokopedia, Unacademy, and Microsoft's GitHub account, with initial database prices ranging from $1,500 to $3,500. While some victims like Tokopedia and Unacademy confirmed breaches, others remained unresponsive to inquiries. Samples indicated legitimate data compromises, though full verification was pending. The group's activities involved selling databases containing sensitive user information, prompting security concerns across affected services.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
The Shiny Hunters hacking group initiated a multi-company data breach campaign in May 2020, beginning with the compromise of Tokopedia, Indonesia's largest online marketplace. On May 3, 2020, the group advertised a database containing 91 million user records from Tokopedia for sale on dark web marketplaces. This was followed by the release of 22 million user records from Unacademy, India's prominent online learning platform, which subsequently confirmed the breach after being contacted by media. The attackers escalated their activities on May 6 by claiming unauthorized access to Microsoft's GitHub account, leaking files from private source code repositories that were verified by sources as legitimate internal Microsoft materials.

Between May 7-8, Shiny Hunters expanded their dark web offerings to include databases from HomeChef (meal kit delivery), ChatBooks (photo printing service), and Chronicle.com (higher education news platform), collectively exposing 26 million user accounts. Pricing for these datasets fluctuated, with ChatBooks' records initially listed at $1,500 before increasing to $3,500. By May 9, the group had flooded dark web markets with data from 11 distinct companies, totaling 73.2 million compromised user records. Cybersecurity firms ZeroFox and Cyble confirmed the breach authenticity through sample analysis, though full verification remained pending. Affected companies including ChatBooks began notifying users of the breaches, while others like Tokopedia and Unacademy faced public confirmation of incidents. The cumulative impact exposed credential reuse risks across multiple platforms, prompting security advisories for password resets.
