Cyber Incident Victim: Anyvan.com
Date:
Dec 2020
Location:
United States of America
Summary
Anyvan.com was implicated in a data breach where a threat actor offered stolen user records for sale on a hacker forum. The incident involved approximately 4.1 million user records and was among eight newly disclosed breaches in a larger set of 26 compromised companies. While the data broker marketed these records alongside other organizations' data, no pricing was specified for Anyvan's dataset at the time of reporting, and the company's official response regarding the breach was not detailed in available disclosures.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In December 2020, a data breach broker advertised the sale of stolen user records from twenty-six companies on a hacker forum, totaling 368.8 million compromised accounts. Among these, Anyvan.com was identified as one of eight new alleged breaches not previously disclosed to the public, with 4.1 million user records listed for sale. The broker’s forum post, discovered by BleepingComputer on an unspecified date prior to December 31, 2020, included a table specifying the number of records per company and whether each breach had been previously acknowledged. Anyvan.com’s entry indicated no prior public disclosure of the incident. The broker had not yet set a price for Anyvan.com’s data at the time of reporting, unlike some other datasets like Teespring.com ($3,800–$4,000) or MyON.com ($2,800). The broader context revealed that threat actors routinely collaborate with brokers to monetize stolen data through dark web marketplaces and hacker forums.
BleepingComputer contacted companies with newly alleged breaches, though the article did not specify Anyvan.com’s response. MyON confirmed a breach but asserted no student private data was exposed, while Chqbook.com denied being breached entirely. For the remaining six companies—including Anyvan.com—no confirmations or denials were documented in the article. Historical precedent noted that similarly marketed breaches often proved legitimate, with companies eventually acknowledging incidents after public exposure. The article advised users of affected sites to reset passwords as a precaution, though no specifics regarding Anyvan.com’s compromised data types (e.g., emails, passwords) were disclosed. The incident highlighted broader trends in cybercriminal ecosystems, where brokers facilitate large-scale data sales involving multiple victims simultaneously. Anyvan.com’s inclusion in the list marked its emergence as a potential breach victim, though definitive validation of the data’s authenticity or the company’s official stance remained unconfirmed in the available source material.