More than 73 million user records stolen from across a number of online services are being offered for sale on the dark web by hacker group ShinyHunters, according to ZDNet.
Affected services include online dating app Zoosk (30 million user records), printing service Chatbooks (15 million), food delivery service Home Chef (8 million), online marketplace Minted (5 million), and U.S. news site Star Tribune (1 million).
ShinyHunters has shared samples from its haul of stolen databases, with ZDNet able to verify the authenticity of the data linked to several of the databases. It’s still working to verify the authenticity of the entire collection.
The hacker group is reportedly selling the huge trove of data for $18,000. In the case of Utah-based Chatbooks, which is the only company to so far have publicly acknowledged the breach, stolen data includes names, email addresses, and passwords, which, despite being encrypted, Chatbooks recommended users to change out of an abundance of caution. A number of phone numbers and Facebook IDs were also stolen from Chatbooks users, though no payment or credit card information is thought to be involved. The company said the breach took place on March 26 and was discovered earlier this month.
The sale of the multiple databases comes a week after it emerged the same group had breached Tokopedia — Indonesia’s largest online store — stealing 91 million user records that it put up for sale with a $5,000 price tag.
Last year an astonishing 773 million unique email addresses — with tens of millions of passwords — from more than 2,000 leaked databases landed up on a hacker forum in one of the biggest incidents of its kind.
It’s not unusual for cybercriminals to gather stolen data — whether obtained through their own efforts or those of others — with a view to selling it on. Buyers could use the data for ID theft or, in some cases, to create counterfeit payment cards for spending sprees that take place before the owner realizes what’s happening.
Digital Trends has reached out to Zoosk and several of the other services to ask them how they’re responding to the reported data breach, and we will update this article when we hear back.