In the past few weeks, we have noticed an alarming increase in major data breaches, with millions of records being exposed and shared on dark web forums. This resurgence has been largely driven by a user who appears to be using the name ShinyHunters, a notorious hacking group. This wave of cyberattacks, along with the resurgence of the names of these former hacking groups/users, raises the question of whether we are entering another “golden age” of mass leaks, similar to what we experienced a few years ago.

The Golden Age of Major Data Breaches

Between 2019 and 2021, the cybersecurity community witnessed what many refer to as the “golden age” of massive data breaches. During this period, numerous hacker groups, including ShinyHunters, conducted large-scale attacks, compromising the data of millions of users. These stolen data were shared and sold on the dark web, creating a highly lucrative black market for personal and business information.

ShinyHunters stood out during this period for their attacks on companies such as Tokopedia, Unacademy, and Zoosk, leaking tons of sensitive data, including names, email addresses, passwords, and more. In 2020 and 2021, ShinyHunters conducted a series of hacks on prominent entities, including clothing retailer Bonobos, photo app Pixlr, and Microsoft’s GitHub account. They also claimed to have information on 70 million AT&T accounts, although AT&T denied the leak.

Recently, a user named ShinyHunters allegedly reopened BreachForums, a deep web forum for sharing stolen data breaches, and became its “owner” after the original forum was taken down. The resurgence of BreachForums at the hands of ShinyHunters has coincided with new leaks of data breaches impacting large companies, along with the emergence of other users registered under the names of former famous hackers and database sharers. This begs the question of whether we could be starting a new “golden age” of breaches. However, due to the major issues the group was facing, including recent arrests, there is a possibility that we are witnessing identity impersonation to gain credibility when sharing breaches.

Recent Breaches

In the last week of May 2024, ShinyHunters was allegedly responsible for two significant breaches. While it cannot be confirmed 100% that ShinyHunters is behind these breaches, the following incidents have been reported:

Santander Bank Breach

• Countries Affected: Spain, Chile, Uruguay
• Date Published: May 30, 2024
• Data Compromised:
  • 30 million customer records
  • 6 million account numbers and balances
  • 28 million credit card numbers
  • HR employee lists
  • Consumer citizenship information
  • And much more
• Price: $2 million USD

Ticketmaster Breach

• Date Published: May 28, 2024
• Data Compromised:
  • Full details of 560 million customers (name, address, email, phone)
  • Ticket sales, event information, order details
  • Credit card details, last 4 digits of the card, expiration date
  • Customer fraud details
  • And much more
• Price: $500,000 USD

Recommendations if Impacted By Major Data Breaches

To be protected from the repercussions of these breaches, users should consider the following measures:

1. Be Cautious with Phishing Emails: Avoid clicking on links or downloading attachments from unknown or suspicious emails.
2. Use a Password Manager: A password manager can help securely generate and store complex passwords.
3. Stay Informed: Keep up to date with the latest news on cybersecurity threats and breaches.

By staying vigilant and taking these proactive steps, users can better protect their personal information from being compromised in future data breaches.

*** This is a Security Bloggers Network syndicated blog from Constella Intelligence authored by Alberto Casares. Read the original post at: https://constella.ai/the-resurgence-of-major-data-breaches/