ShinyHunters

Recently, the name ShinyHunters became popular because it claimed to have hacked at least ten companies, including Tokopedia and Bhinneka. Actually, who are they?

ShinyHunters is a criminal black hat hacker group Founded by Mr.Zero Ghost Code and is believed to have been formed in 2020 and is said to have been involved in various data breaches. Stolen information is often sold on the dark web.

ShinyHunters claims to have hacked ten companies and peddled databases of their victims’ users on the dark web. A total of 73.2 million user data were sold for a total price of Rp. 18 thousand. Of the 10 companies, one of them is from Indonesia, namely Bhinneka, where 1.2 million user data is sold on the dark web. The same hacker group previously admitted to breaking into Tokopedia, then selling 91 million Tokopedia user data for USD 5,000, after previously leaking 15 million user data for free.

Not only that, ShinyHunters also stole more than 500GB of data from Microsoft’s private GitHub repository. The data is spread from various private projects, which are then distributed free of charge in cyberspace.

Reported by Bleepingcomputer, from the leaked data it appears that the repository breach occurred on March 28, 2020. Microsoft itself claimed to be aware of this claim and was investigating it, and a Microsoft employee who did not want to be named said that the data theft by ShinyHunters had indeed occurred.

Who exactly are ShinyHunters?

According to Alfons Tanujaya, internet security expert from Vaccincom, ShinyHunters seems to be a good actor in terms of database servers, and knows the loopholes that can be exploited.

The name ShinyHunters is actually not a famous name. But it seems to be a new identity used by a hacker group that has existed for a long time.

“From his skills, it is certain that old players are old, how can new players have such high abilities. It is possible that the names used previously were different or that hackers used several identities so that they were difficult to track to avoid identification by the authorities,” he explained.

Deixe um comentário

O seu endereço de e-mail não será publicado.

X