ShinyHunters
{{Short description|Criminal internet hacker group}}
ShinyHunters is a black-hat criminal hacker group that is believed to have formed in 2020 and is said to have been involved in numerous data breaches. The stolen information is often sold on the dark web.{{Cite magazine|title=ShinyHunters Is a Hacking Group on a Data Breach Spree|language=en-us|magazine=Wired|url=https://www.wired.com/story/shinyhunters-hacking-group-data-breach-spree/|access-date=2021-01-25|issn=1059-1028}}{{Cite news|last=Cimpanu|first=Catalin|title=A hacker group is selling more than 100 billion user records on the dark web|url=https://www.zdnet.com/article/a-hacker-group-is-selling-more-than-73-million-user-records-on-the-dark-web/|access-date=2021-01-25|website=ZDNet|language=en}}
Name and alias
The name of the group is believed to be derived from shiny Pokémon, a mechanic in the Pokémon video game franchise where Pokémon have a rare chance of being encountered in an alternate, "shiny" color scheme; players who actively try to collect such Pokémon through in-game strategies are often referred to as "shiny hunters".{{Cite web |last=King |first=Ashley |date=2024-06-19 |title=More Details Emerge on Ticketmaster Breach Affecting 500M+ |url=https://www.digitalmusicnews.com/2024/06/18/how-did-the-hacker-get-access-to-ticketmaster/ |access-date=2025-01-19 |website=Digital Music News |language=en-US}}{{Cite web |last=Frank |first=Allegra |date=2016-12-02 |title=Why Pokémon players spend hours and hours chasing shiny monsters |url=https://www.polygon.com/2016/12/2/13821976/pokemon-sun-and-moon-shiny-hunting |url-status=live |archive-url=https://web.archive.org/web/20240417202918/https://www.polygon.com/2016/12/2/13821976/pokemon-sun-and-moon-shiny-hunting |archive-date=2024-04-17 |access-date=2024-12-23 |website=Polygon |language=en-US}}
Notable data breaches
- AT&T Wireless: In 2021, ShinyHunters began selling information on 70 million AT&T wireless subscribers, which contained users' phone numbers, personal information and social security numbers. AT&T acknowledged the data breach in 2024.{{cite web |title=A Notorious Hacker Gang Claims to Be Selling Data on 70 Million AT&T Subscribers |url=https://gizmodo.com/a-notorious-hacker-gang-claims-to-be-selling-data-on-70-1847527860 |website=Gizmodo |date=21 August 2021 |access-date=26 August 2023}}{{cite web |title=AT&T finally acknowledged the data breach. |url=https://www.bleepingcomputer.com/news/security/atandt-denies-data-breach-after-hacker-auctions-70-million-user-database/ |website=Bleeping Computer |access-date=26 August 2023}}{{cite web | url=https://www.pandasecurity.com/en/mediacenter/att-finally-acknowledges-data-breach-affecting-51-million-people/ | title=AT&T acknowledges data breach affecting 51 million people - Panda Security | date=12 April 2024 }}
- Tokopedia: On 2 May 2020 Tokopedia was breached by ShinyHunters, which claimed to have data for 91 million user accounts, revealing users' gender, location, username, full name, email address, phone number, and hashed passwords.
- Wishbone: Also in May 2020, ShinyHunters leaked the full user database of Wishbone, which is said to contain personal information such as usernames, emails, phone numbers, city/state/country of residence, and hashed passwords.{{Cite web|last=Cimpanu|first=Catalin|title=Hacker leaks 40 million user records from popular Wishbone app|url=https://www.zdnet.com/article/hacker-selling-40-million-user-records-from-popular-wishbone-app/|access-date=2021-01-25|website=ZDNet|language=en}}
- Microsoft: In May 2020, ShinyHunters also claimed to have stolen over 500 GB of Microsoft source code from the company's private GitHub account. The group published around 1GB of data from the hacked GitHub account to a hacking forum. Some cybersecurity experts doubted the claims until analyzing the code; upon analysis, ShinyHunters' claims were no longer in question. Microsoft told Wired in a statement that they are aware of the breach. Microsoft later secured their GitHub account, which was confirmed by ShinyHunters as they reported being unable to access any repositories.{{Cite web|url=https://techgenix.com/microsofts-github-account-breached/|title=Microsoft's GitHub account breached by threat actors Shiny Hunters|date=May 21, 2020|website=TechGenix}}{{Cite web|url=https://www.scmagazine.com/home/security-news/cybercrime/shiny-hunters-bursts-onto-dark-web-scene-following-breaches-microsoft-data-theft-claims/|title='Shiny Hunters' bursts onto dark web scene following spate of breaches|date=May 8, 2020|website=SC Media}}{{Cite web|url=https://www.bleepingcomputer.com/news/security/microsofts-github-account-hacked-private-repositories-stolen/|title=Microsoft's GitHub account hacked, private repositories stolen|website=BleepingComputer}}
- Wattpad: In July 2020, ShinyHunters gained access to the Wattpad database containing 270 million user records. Information leaked included usernames, real names, hashed passwords, email addresses, geographic location, gender, and date of birth.{{Cite web|last=Deschamps|first=Tara|date=2020-07-21|title=Wattpad storytelling platform says hackers had access to user email addresses|url=https://www.ctvnews.ca/sci-tech/wattpad-storytelling-platform-says-hackers-had-access-to-user-email-addresses-1.5032665|access-date=2021-01-25|website=CTVNews|language=en}}{{Cite news|title=Wattpad warns of data breach that stole user info {{!}} CBC News|language=en-US|work=CBC|url=https://www.cbc.ca/news/business/wattpad-data-breach-1.5657724|access-date=2021-01-25}}{{Cite web|title=Wattpad data breach exposes account info for millions of users|url=https://www.bleepingcomputer.com/news/security/wattpad-data-breach-exposes-account-info-for-millions-of-users/|access-date=2021-01-25|website=BleepingComputer|language=en-us}}
- Pluto TV: In November 2020, it was reported that ShinyHunters gained access to the personal data of 3.2 million Pluto TV users. The hacked data included users' display names, email addresses, IP addresses, hashed passwords and dates of birth.{{Cite web|date=2020-11-15|title=ShinyHunters hacked Pluto TV service, 3.2M accounts exposed|url=https://securityaffairs.co/wordpress/110931/data-breach/pluto-tv-database-shinyhunters.html|access-date=2021-01-25|website=Security Affairs|language=en-US}}{{Cite web|title=3 Million Pluto TV Users' Data Was Hacked, But the Company Isn't Telling Them|url=https://www.vice.com/en/article/88a8ma/pluto-tv-hacked-data-breach|access-date=2021-01-25|website=www.vice.com|date=4 December 2020 |language=en}}
- Animal Jam: It was also reported in November 2020 that ShinyHunters was behind the hack of Animal Jam, leading to the exposure of 46 million accounts.{{Cite web |last=Whittaker |first=Zack |date=16 November 2020 |title=Animal Jam was hacked, and data stolen; here's what parents need to know |url=https://techcrunch.com/2020/11/16/animal-jam-data-breach/ |access-date=2021-01-25 |website=TechCrunch |language=en-US}}{{Cite web |last=Abrams |first=Lawrence |date=2020-11-11 |title=Animal Jam kids' virtual world hit by data breach, impacts 46M accounts |url=https://www.bleepingcomputer.com/news/security/animal-jam-kids-virtual-world-hit-by-data-breach-impacts-46m-accounts/ |access-date=2021-01-25 |website=BleepingComputer |language=en-us}}
- Mashable: In November 2020, ShinyHunters leaked 5.22GB worth of the Mashable database on a prominent hacker forum.{{Cite web|url=https://www.hackread.com/shinyhunters-hacker-leaks-mashable-database/|title=ShinyHunters hacker leaks 5.22GB worth of Mashable.com database|date=5 November 2020|access-date=27 May 2023}}
- Pixlr: In January 2021, ShinyHunters leaked 1.9 million user records from Pixlr.{{Cite web |date=2021-01-21 |title=Hacker leaks 1.9 million user records of photo editing app Pixlr |url=https://www.tribuneindia.com/news/science-technology/hacker-leaks-1-9-million-user-records-of-photo-editing-app-pixlr-201668 |access-date=2021-01-25 |website=The Tribune |language=en}}
- Nitro PDF: In January 2021, a hacker claiming to be a part of ShinyHunters leaked the full database of Nitro PDF — which contains 77 million user records — on a hacker forum for free.{{Cite web|title=Hacker leaks full database of 77 million Nitro PDF user records|url=https://www.bleepingcomputer.com/news/security/hacker-leaks-full-database-of-77-million-nitro-pdf-user-records/|access-date=2021-01-25|website=BleepingComputer|language=en-us}}
- Bonobos: Also in January 2021 it was reported that ShinyHunters leaked the full Bonobos backup cloud database to a hacker forum. The database is said to contain the address, phone numbers, and order details for 7 million customers; general account information for another 1.8 million registered customers; and 3.5 million partial credit card records and hashed passwords.{{Cite web|title=Bonobos clothing store suffers a data breach, hacker leaks 70GB database|url=https://www.bleepingcomputer.com/news/security/bonobos-clothing-store-suffers-a-data-breach-hacker-leaks-70gb-database/|access-date=2021-01-25|website=BleepingComputer|language=en-us}}
- Aditya Birla Fashion and Retail: In December 2021, Indian retailer Aditya Birla Fashion and Retail was breached and ransomed. The ransom demand was allegedly rejected and data containing 5.4M unique email addresses were subsequently dumped publicly on a popular hacking forum the next month. The data contained extensive personal customer information including names, phone numbers, physical addresses, DoBs, order histories and passwords stored as MD5 hashes.{{Cite web|title=Bonobos clothing store suffers a data breach, hacker leaks 70GB database|url=https://restoreprivacy.com/aditya-birla-fashion-and-retail-ltd-abfrl-hack-2022/|access-date=2022-01-11|website=RestorePrivacy|date=11 January 2022|language=en-us}}
- Mathway: In January 2020, ShinyHunters breached Mathway, stealing the data of roughly 25 million users. Mathway is a popular math app for students that helps solve algebraic equations.{{Cite web |last=Cimpanu |first=Catalin |date=2020-05-22 |title=25 million user records leak online from popular math app Mathway |url=https://www.zdnet.com/article/25-million-user-records-leak-online-from-popular-math-app-mathway/ |access-date=2025-04-18 |website=ZDNET |language=en}}
- Santander: On 30 May 2024 Santander was breached by ShinyHunters, which resulted in the data of all Santander staff and '30 million' customers in Spain, Chile and Uruguay being hacked.{{Cite web |title=All Santander staff and millions of customers have data hacked |url=https://www.bbc.com/news/articles/c6ppv06e3n8o |access-date=2024-07-22 |website=www.bbc.com |date=2 June 2024 |language=en-GB}}
- Ticketmaster: Hackers working with ShinyHunters have claimed responsibility for breaching Ticketmaster.{{Cite magazine |last=Zetter |first=Kim |title=Hackers Detail How They Allegedly Stole Ticketmaster Data From Snowflake |url=https://www.wired.com/story/epam-snowflake-ticketmaster-breach-shinyhunters/ |access-date=2024-07-22 |magazine=Wired |language=en-US |issn=1059-1028}}
- AT&T Wireless: In April 2024, hackers affiliated with ShinyHunters hacked AT&T Wireless and stole data on over 110 million customers. In May, AT&T paid a $370,000 ransom to one of the group's members to delete the data.{{Cite magazine |last=Zetter |first=Kim |title=AT&T Paid a Hacker $370,000 to Delete Stolen Phone Records |url=https://www.wired.com/story/atandt-paid-hacker-300000-to-delete-stolen-call-records/ |access-date=2024-08-04 |magazine=Wired |language=en-US |issn=1059-1028}}
Snowflake data hacks
In 2024, someone associated with the group ShinyHunters claimed to have hacked Snowflake-related customers including Ticketmaster, Santander Bank, and Neiman Marcus.{{Cite magazine |last=Zetter |first=Kim |date=2024-06-17 |title=Hackers Detail How They Allegedly Stole Ticketmaster Data From Snowflake |url=https://www.wired.com/story/epam-snowflake-ticketmaster-breach-shinyhunters/ |access-date=2025-03-10 |magazine=Wired |language=en-US |issn=1059-1028}} The group was also responsible for publishing data stolen from Twilio and Truist Bank.{{Citation needed|date=April 2025}}
Other data breaches
The following are other hacks that have been credited to or allegedly carried out by ShinyHunters, with the estimated number of user records affected.{{Cite web|last=Soni|first=Jitendra|title=ShinyHunters leak millions of user details|url=https://www.techradar.com/news/shinyhunters-leak-millions-of-user-details|access-date=2021-01-25|website=TechRadar|date=11 May 2020|language=en}}{{Cite web|last=Fearn|first=Nicholas|title=386 million user records stolen in data breaches — and they're being given away for free|url=https://www.tomsguide.com/news/shinyhunters-breach-giveaway|access-date=2021-01-25|website=Tom's Guide|date=29 July 2020|language=en}}{{Cite web|date=2020-05-11|title="Shiny Hunters" Hacker Group Keep 73 Mn User Records on Darknet|url=https://cisomag.eccouncil.org/shiny-hunters-selling-user-records/|access-date=2021-01-25|website=CISO MAG {{!}} Cyber Security Magazine|language=en-US}}
{{Div col|colwidth=25em}}
- JusPay - 100 million user records{{Cite news|title=Amazon, Swiggy's payment processor hit by data breach|url=https://timesofindia.indiatimes.com/business/india-business/amazon-swiggys-payment-processor-hit-by-data-breach/articleshow/80104462.cms|access-date=2021-01-05|website=The Times of India|language=en}}
- Zoosk - 30 million user records{{Cite web|url=https://www.zdnet.com/article/a-hacker-group-is-selling-more-than-73-million-user-records-on-the-dark-web/|title=A hacker group is selling more than 73 million user records on the dark web|first=Catalin|last=Cimpanu|website=ZDNet}}
- Chatbooks - 15 million user records
- SocialShare - 6 million user records
- Home Chef - 8 million user records
- Minted - 5 million user records
- Chronicle of Higher Education - 3 million user records
- GuMim - 2 million user records
- Mindful - 2 million user records
- Bhinneka - 1.2 million user records
- StarTribune - 1 million user records
- Dave.com - 7.5 million users{{Cite web|title=ShinyHunters Offers Stolen Data on Dark Web|url=https://www.darkreading.com/attacks-breaches/shinyhunters-offers-stolen-data-on-dark-web/d/d-id/1338462|access-date=2021-01-25|website=Dark Reading|date=28 July 2020|language=en}}
- Drizly.com - 2.4 million user records{{Cite web|url=https://www.darkreading.com/attacks-breaches/shinyhunters-offers-stolen-data-on-dark-web/d/d-id/1338462|title=ShinyHunters Offers Stolen Data on Dark Web|website=Dark Reading|date=28 July 2020}}
- Havenly - 1.3 million user records
- Hurb.com - 20 million user records{{Cite web|url=https://securityaffairs.co/wordpress/106504/data-breach/shinyhunters-data-leak.html|title=ShinyHunters leaked over 386 million user records from 18 companies|date=July 28, 2020|website=Security Affairs}}
- Indabamusic - 475,000 user records
- Ivoy.mx - 127,000 user records
- Mathway - 25.8 million user records
- Proctoru - 444,000 user records
- Promo.com - 22 million user records{{Cite web|url=https://portswigger.net/daily-swig/promo-com-data-breach-impacts-23-million-content-creators|title=Promo.com data breach impacts 23 million content creators|date=July 28, 2020|website=The Daily Swig | Cybersecurity news and views}}
- Rewards1 - 3 million user records
- Scentbird - 5.8 million user records
- Swvl - 4 million user records
- Glofox - Unknown{{Cite news|last=Taylor|first=Charlie|title=Irish start-up Glofox investigates possible data breach|url=https://www.irishtimes.com/business/technology/irish-start-up-glofox-investigates-possible-data-breach-1.4414837|access-date=2021-01-25|newspaper=The Irish Times|language=en}}
- Truefire - 602,000 user records
- Vakinha - 4.8 million user records
- Appen.com - 5.8 million user records
- Styleshare - 6 million user records
- Unacademy - 22 million user records{{Cite web|url=https://www.binarydefense.com/resources/threat-watch/shiny-hunters-group-selling-data-stolen-from-11-different-companies/|title=Shiny Hunters Group Selling Data Stolen From 11 Different Companies|first=Binary|last=Defense|access-date=27 May 2023}}{{Cite web|url=https://malwaretips.com/threads/shiny-hunters-hackers-try-to-sell-a-host-of-user-records-from-breaches.100777/|title=Shiny Hunters hackers try to sell a host of user records from breaches|website=MalwareTips Community|date=8 May 2020 }}
- Upstox - 111,000 user records{{cite web |title=ShinyHunters dump partial database of broker firm Upstox |url=https://www.hackread.com/shinyhunters-broker-firm-upstox-database-leak/ |website=hackread.com |date=12 April 2021}}
- Aditya Birla Fashion and Retail - 5.4 million user records
{{Div col end}}
Lawsuits
The ShinyHunters group is under investigation by the FBI, the Indonesian police, and the Indian police for the Tokopedia breach. Tokopedia's CEO and founder also confirmed this claim via a statement on Twitter.{{Cite web|url=https://androidrookies.com/who-are-shiny-hunters/|title=Who are Shiny Hunters?|date=May 21, 2020|website=AndroidRookies}}{{cite tweet|user=UnderTheBreach|number=1260518239362338816|title=Twitter post}} {{dead link|date=May 2023}}
Minted reported the group's hack to US federal law enforcement authorities; the investigation is underway.{{Cite web|url=https://www.hackread.com/minted-data-breach-shiny-hunters-sell-database/|title=Minted confirms data breach as Shiny Hunters sell its database|date=29 May 2020}}
Administrative documents from California reveal how ShinyHunters' hack has led to Mammoth Media, the creator of the app Wishbone, getting hit with a class-action lawsuit.{{Cite web|url=https://www.classaction.org/news/wishbone-app-maker-mammoth-media-hit-with-class-action-over-data-breach-affecting-40-million-users|title=Wishbone App Maker Mammoth Media Hit with Class Action Over Data Breach Affecting 40 Million Users|website=www.classaction.org|date=4 June 2020 }}
Animal Jam stated that they are preparing to report ShinyHunters to the FBI Cyber Task Force and notify all affected emails. They have also created a 'Data Breach Alert' on their site to answer questions related to the breach.{{Cite web|url=https://www.bleepingcomputer.com/news/security/animal-jam-kids-virtual-world-hit-by-data-breach-impacts-46m-accounts/|title=Animal Jam kids' virtual world hit by data breach, impacts 46M accounts|website=BleepingComputer}}
BigBasket filed a First Information Report (FIR) on November 6, 2020, to the Bengaluru Police to investigate the incident.{{Cite web|url=https://cybleinc.com/2020/11/07/bigbasket-indias-leading-online-supermarket-shopping-allegedly-breached-personal-details-of-over-20-million-people-sold-in-darkweb/|title=BIGBASKET, INDIA'S LEADING ONLINE SUPERMARKET SHOPPING, ALLEGEDLY BREACHED. PERSONAL DETAILS OF OVER 20 MILLION PEOPLE SOLD IN DARKWEB | Cyble|website=cybleinc.com|date=7 November 2020}}
Dave also initiated an investigation against the group for the company's security breach. The investigation is ongoing and the company is coordinating with local law enforcement and the FBI.{{Cite web|url=https://www.dave.com/blog/post/|title=Security incident at Dave|date=July 25, 2020|website=A Banking Blog for Humans}}
Wattpad stated that they reported the incident to law enforcement and engaged third-party security experts to assist them in an investigation.{{Cite web|url=https://support.wattpad.com/hc/en-us/articles/360046141392-FAQs-on-the-Recent-Wattpad-Security-Incident|title=FAQs on the Recent Wattpad Security Incident|website=Help Center}}
Arrests
In May 2022, Sébastien Raoult, a French programmer suspected of belonging to the group, was arrested in Morocco and extradited to the United States. He faced 20 to 116 years in prison.{{Cite web|language=fr|url=https://www.lemonde.fr/international/article/2022/08/03/sebastien-raoult-francais-incarcere-au-maroc-menace-d-extradition-aux-etats-unis-ou-il-risque-une-lourde-peine_6137079_3210.html|title=Sébastien Raoult, Français incarcéré au Maroc, menacé d'extradition aux Etats-Unis où il risque une lourde peine|date=August 3, 2022|website=lemonde.fr}}{{cite web | url=https://www.frenchweb.fr/cybercriminalite-detenu-aux-etats-unis-le-francais-sebastien-raoult-espere-toujours-un-retour-en-france/443296 | title=Cybercriminalité: Détenu aux Etats-Unis, le Français Sébastien Raoult espère toujours un "retour en France" | date=31 May 2023 }}
In January 2024 Raoult was sentenced to three years in prison and ordered to return five million dollars.{{Cite news |title=ShinyHunters chief phisherman gets 3 years, must cough up $5M |url=https://www.theregister.com/2024/01/10/shinyhunters_kingpin_prison/ |last=Jones |first=Connor |date=2024-01-10 |access-date=2024-01-12 |work=The Register}} Twelve months of the sentence are for conspiracy to commit wire fraud and the remainder for aggravated identity theft. He will face 36 months of supervised release afterwards. Raoult had worked for the group for more than two years according to the US Attorney's Office for the Western District of Washington.
References
{{reflist}}