Cyber Incident Victim: Dave

Date: Nov 2020

Location: Russia

Summary

A threat actor known as ShinyHunters compromised multiple entities including Dave.com, leading to unauthorized distribution of databases. Following a dispute over an alleged breach of exclusivity in a data sale, a banned forum member retaliated by leaking databases from several companies on a Russian-language forum. The leaked data was swiftly deleted, and the member's account was deactivated shortly thereafter. The incident involved databases from various organizations, though it remains unclear whether all affected parties were initially aware of the breaches.

Description

The incident involving ShinyHunters in November 2020 centered on unauthorized data breaches and subsequent leaks of multiple corporate databases, accompanied by disputes within cybercriminal forums. On or around November 12, threat actors associated with ShinyHunters advertised and distributed stolen databases from entities including Animal Jam, eatigo, Peatix, Redmart, Pluto.tv, Storybird, Homechef, and others. Evidence suggested some affected organizations might not have been aware of the breaches at the time of exposure, prompting external outreach by journalists for verification. Concurrently, a dispute erupted on a hacking forum when a user accused ShinyHunters and a data broker known as "ExpertData" of breaching an exclusivity agreement. The complainant alleged he had paid tens of thousands of dollars for sole access to certain datasets, only to discover the data had been redistributed afterward. Forum administrators banned the aggrieved buyer rather than addressing the alleged fraud, escalating tensions.

In retaliation, the banned individual migrated to a Russian-language cybercrime forum and publicly released multiple databases without charge, including those from Eatigo, Eskimi, Geniusu, Glofox, JoinPiggy, Peatix, Pluto, Nitrogo, and Redmart. These retaliatory leaks were short-lived, as the datasets were deleted within hours, and the user’s account was deactivated within 24 hours. The rapid removal limited widespread access to the data, though the exposure still posed risks to the affected organizations and their users. No specific containment or remediation actions by the victim companies were detailed in available reports, leaving the full operational and financial impacts unquantified. The incident underscored the volatile nature of cybercriminal ecosystems, where internal disputes can trigger secondary data exposures beyond the initial breaches.