More details have emerged about the hacker group “Shiny Hunters” and its prey this past month of more than 11 website victims, including Minted, a marketplace of independent illustrators and designers offering consumers items such as custom greeting cards.
BleepingComputer reported that Shiny Hunters is flooding the dark web with a combined total of 73.1 million user records from at least a dozen websites, including Minted. Database prices among all the victims range between $1,500 and $3,500.
Five million Minted customers’ data was affected, according to a chart published by BleepingComputer earlier this month.
Minted separately disclosed that a forensics investigation determined on May 15 that it was the target, on May 6, of a “potential cybersecurity incident,” which ultimately resulted in the exposure of PII from the company’s user account database. Impacted users, less than 1 percent of its unquantified user base, may have had their log-in credentials, email addresses, telephone numbers and physical addresses compromised, but not their payment or credit card information.
Incidentally, none of this information is on Minted’s consumer-facing website. The company urged its users to change the passwords for their Minted accounts and call a toll-free number to speak with its dedicated team handling the incident.
“Criminal hacking groups are all about getting the most money for the records they steal or collect from various data breaches that organizations experience,” commented James McQuiggan, security awareness advocate at KnowBe4.
By compiling all of these records, the criminal groups can reverse engineer the passwords to build up a database for credential stuffing, he noted. This type of attack typically involves targeting users’ accounts to see whether the user has the same password as on the one site that was involved in the breach.
“This is an attempt to gain access and use the information towards phishing attacks or identity theft,” said McQuiggan, urging consumers to be vigilant in changing passwords to protect themselves from being “susceptible to attacks on their accounts on different sites because they used the same password.”