Cyber Incident Victim: Mindful

Date: May 2020

Location: United States of America

Summary

A hacking group known as Shiny Hunters compromised multiple companies, exfiltrating approximately 73.2 million user records across 11 organizations, including Tokopedia, Unacademy, and Microsoft's GitHub account. The stolen databases were actively marketed on dark web forums, with initial asking prices ranging from $1,500 to $3,500 per dataset. While some affected entities like Unacademy and ChatBooks confirmed breaches, others including Microsoft had their incidents corroborated through third-party sources despite lacking official acknowledgment. The group systematically released batches of stolen data, with cybersecurity researchers validating the authenticity of leaked samples.

Description

In May 2020, the hacking group Shiny Hunters initiated a widespread data breach campaign targeting multiple companies, culminating in the sale of 73.2 million user records across 11 organizations on a dark web marketplace. The activity began with the sale of a database containing over 90 million user records from Tokopedia, Indonesia’s largest online store, which included cracked passwords. Shortly afterward, the group listed 22 million user records from Unacademy, a major Indian online learning platform, prompting the company to confirm a breach after being contacted by BleepingComputer. On May 6, Shiny Hunters claimed to have compromised Microsoft’s GitHub account earlier in the year, leaking files from private source code repositories. While Microsoft did not publicly acknowledge the breach, sources familiar with the incident confirmed the authenticity of the leaked repositories, which were accessible only to employees. Initial pricing for these databases ranged from $1,500 to $2,500, though Shiny Hunters later adjusted some listings, such as increasing the ChatBooks database offer to $3,500.

By May 9, cyber intelligence firm Cyble reported that Shiny Hunters had expanded their operations, flooding the marketplace with data from additional victims, bringing the total to 11 companies. BleepingComputer reviewed samples of the breached data and found them consistent with legitimate breaches, though full verification remained pending. ChatBooks began notifying users of a breach following media reports, while other affected organizations had not responded to inquiries at the time of publication. The cumulative impact involved 73.2 million compromised records, with Shiny Hunters leveraging rapid successive breaches to overwhelm the dark web market. Security advisories urged users of the impacted platforms to change passwords immediately, particularly if credentials were reused across multiple services. The incident underscored the group’s focus on high-volume data theft and aggressive monetization through bulk sales.
