
Cyber Incident Victim: Promo.com

Date:

Nov 2020

Location:

Israel

Summary

A threat actor associated with ShinyHunters was implicated in unauthorized access and distribution of multiple organizational databases following a dispute over an alleged breach of exclusivity in a data sale. After a forum member claimed financial loss due to non-exclusive redistribution of purchased data, they were banned from the platform and retaliated by publicly leaking databases—including those of Eatigo, Peatix, Redmart, Pluto.tv, and others—on a Russian-language forum before the content was removed. The incident highlights secondary exposure risks stemming from intermediary conflicts within illicit data markets, though many affected entities may not have been initially aware of the compromise.

CIA Posture: Available to members
Motives: 2 motives
Tactics, Techniques & Procedures: 1 technique
Threat Actors: 2 actors
Type: Available to members
Location: Available to members

Description

A significant cyber incident occurred involving ShinyHunters, a threat actor known for their involvement in various data breaches and cyber attacks. The incident began with a dispute between ShinyHunters and a data broker, who had agreed to sell exclusive data to a buyer. However, ShinyHunters allegedly distributed the data to other parties, breaching the exclusivity agreement. As a result, the buyer was left with a significant financial loss, having paid tens of thousands of dollars for the data.


In response to the dispute, the buyer took drastic action by posting about the incident on a popular Russian-language forum. The buyer claimed that ShinyHunters and the data broker had scammed them and were attempting to sell the same data to other parties. However, instead of addressing the issue, the forum administrators banned the buyer from the platform. This move was seen as unfair by many, as it appeared that the administrators were siding with ShinyHunters and the data broker.

Following the ban, the buyer decided to take matters into their own hands. They created an account on the same Russian-language forum and began posting links to the sensitive data, making it available for free to anyone who wanted it. The data included sensitive information from various companies, such as Animal Jam, Eatigo, and others. This move was seen as a form of revenge against ShinyHunters and the data broker, who had allegedly scammed the buyer.

The incident highlights the complex and often tumultuous world of cybercrime. Threat actors like ShinyHunters operate in the shadows, often using underground forums and marketplaces to buy and sell sensitive data. These transactions are often shrouded in secrecy, and disputes can arise when agreements are breached. In this case, the buyer felt that ShinyHunters had breached their agreement, and they took drastic action to expose the data and harm the threat actor's reputation.

The incident also raises questions about the role of forum administrators in regulating these underground marketplaces. In this case, the administrators banned the buyer, who was attempting to expose the alleged scam. This move was seen as unfair, and it highlights the challenges of regulating these types of platforms. Forum administrators often walk a fine line between allowing free speech and preventing the sale of illicit goods and services.

The data that was leaked included sensitive information from various companies, such as login credentials, email addresses, and other personally identifiable information. This data can be used for a range of malicious activities, including identity theft, phishing, and other types of cyber attacks. The leak highlights the risks associated with data breaches and the importance of protecting sensitive information.

ShinyHunters is a threat actor that has been involved in various data breaches and cyber attacks in the past. They are known for their ability to obtain and sell sensitive data, often using underground marketplaces and forums. The incident highlights the ongoing threat posed by ShinyHunters and the need for companies to protect themselves against data breaches and cyber attacks.

The incident also highlights the importance of verifying the authenticity of data and the need for due diligence when engaging in transactions involving sensitive information. The buyer in this case paid tens of thousands of dollars for data that was allegedly exclusive, only to find out that it was being sold to other parties. This incident serves as a warning to others to be cautious when engaging in these types of transactions.

In the aftermath of the incident, the buyer's account on the Russian-language forum was deactivated, and the data was removed. However, the damage had already been done, and the sensitive information had been made available to anyone who wanted it. The incident serves as a reminder of the risks associated with data breaches and the importance of protecting sensitive information.

The incident also raises questions about the motivations of ShinyHunters and other threat actors. In this case, it appears that ShinyHunters was motivated by personal gain, as they allegedly sold the same data to multiple parties. However, the buyer's actions in posting the data for free on the forum suggest that they were motivated by revenge against ShinyHunters.

The incident highlights the complex and often personal nature of cybercrime. Threat actors like ShinyHunters often operate in the shadows, and their motivations can be difficult to understand. However, incidents like this one provide a glimpse into the world of cybercrime and the risks associated with data breaches and cyber attacks.

Overall, the incident involving ShinyHunters and the buyer highlights the ongoing threat posed by data breaches and cyber attacks. It serves as a reminder of the importance of protecting sensitive information and the need for companies to be cautious when engaging in transactions involving sensitive data.
