According to Engadget's latest report, many user accounts were revealed to have been breached by a team of hackers called ShinyHunters.
The incident was first reported by ZDNet stating that ShinyHunters are selling data of 10 companies on the dark web marketplace.
According to Engadget, over 73.2 million user records were breached from numerous sites and sold on the dark web. More than 15 million came from a printing service called "Chatbooks, while 30 million were hacked from the accounts on the dating app Zoosk.
The remaining accounts came from the Star Tribune newspaper which is over 1 million. Meanwhile, 8 million accounts came from South Korean furniture and fashion sites, and 3 million were hacked from the Chronicle of Higher Education accounts.
Hacked accounts were sold to the Dark Web; 73 million user records stolen by "ShinyHunters"
ZDNet reported that over 500GB of data were stolen from different accounts of Microsoft's private GitHub repositories that were discovered by BleepingComputer.
ShinyHunters contacted BleepingComputers stating that they are planning to sell the 500GB of private projects but decided to leak them for free. The breach may have happened on March 28, 2020, according to the file stamps in the full directory of the leaked files.
The hackers offered 1GB of files as a teaser on a hacker forum to access the leaked data by using the site credits of registered members. The stolen files appear to be mostly test projects, an eBook, code samples, and other generic items based on the source code from the private repositories that were sent to BleepingComputer and the full directory listing of the stolen data.
According to Engadget, although samples of the breach matched real records, the legitimacy of some databases couldn't be verified. It was also clarified that the breach didn't include any known sensitive material as GitHub stated. However, Tokopedia's database, an Indonesian online store hacked by ShinyHunters in May, was put on sale for $5,000. The incident is different from other breaches because of its surprising scale and speed of the group's effort.
To avoid this kind of incident, ZDNet's previous report provided a list of the best password managers in 2020 that could help people protect their business accounts.
The core features of the apps are similar; secure notes, form filling, secure sharing of passwords with trusted contacts, a combination of upper and lower-case letters (including symbols and numbers), and a feature that connects saved password databases to the cloud for end-to-end encryption.
For those looking to increase their security, here's a list of top 10 best password managers for your professionla or personal use:
- Sticky Password
- Dashlane
- RoboForm Free / RoboForm Everywhere
- NordPass
- Open-source options
- LogMeOnce
- Keeper
- Hypervault
- KeePassXC
- Passbolt