ShinyHunters Exposes Over 125 Million Online Credentials | McAfee Blogs ShinyHunters Exposes Over 125 Million Online Credentials | McAfee Blog
ShinyHunters Exposes Over 125 Million Online Credentials
Meet ShinyHunters, a hacker who recently leaked 10 new databases this past month from companies including:
• Pixlr.com
• Bonobos.com
• Wognai.com
• Tesspring.com
• Tunedglobal.com
• Buyucoin.com
• Wappalyzer.com
• Chqbook.com
• Rooter.io
• MeetMindful.com
But this isn’t the first time they’ve made headlines. It all started in May of 2020 when ShinyHunters attempted to sell several stolen databases on the Dark Web. They also leaked several other databases between April and July. In October, they proceeded to leak the database of the meal kit delivery company, HomeChef. Not one to be easily satisfied, ShinyHunters continued their antics by exposing sixteen other databases in November, where personal user records and information were publicly shared. Prominent companies who fell victim to this wave of data breaches include gaming site Animal Jam, online marketplace Minted, and coupon company ShopBack, among others.
Personal data released ranges from contact information and addresses, dates of birth, passwords, and financial information. Not including the latest data breach, a total of 129,406,564 user records were exposed. Given the alarming size of the exposure, this gives way to rising concerns for when ShinyHunters will strike again. What’s more, this group seeks notoriety from their misdeeds, hoping to claim credibility for the number of attacks they can execute—a troubling thought for everyday users like you and me.
You never know when or if a breach will occur, which is why we must take precautions to protect our data in the case of a security breach. In the past year alone, we have seen a record number of data breaches, posing unforeseen security concerns and bringing light to new priorities for data protection. That’s why we must learn from these occurrences by proactively protecting our private information in 2021 and beyond.
Tips for Protecting Yourself After a Data Breach
There’s no way of knowing whether your personal information will fall into the wrong hands or that it will be used maliciously, but ShinyHunters has indicated that they are on the lookout for opportunities to expose more databases, so we must take the necessary steps to protect our personal information before the damage is done.
1. Find out what information was stolen
Not knowing what data was stolen can make it significantly more difficult to pinpoint what threats you may become subject to. If you realize a company you buy from fell victim to a data breach, start investigating. Use this tool to see if the breach affects you.
2. Update your credentials
Great passwords are usually the first line of defense against personal data exposures, so it’s important to update them as soon as they are compromised. Additionally, use different passwords or passphrases for each of your online accounts which helps protect the majority of your data if one of your accounts becomes vulnerable. One route you can take is to use a password manager that not only lets you create strong passwords but can let you manage them efficiently with added security and peace of mind.
On top of updating your credentials, you’ll want to secure your log-in process by enabling 2-Factor Authentication. So, if a hacker has access to your stolen passwords, they’ll still have to bypass an added security layer that is time sensitive. This makes it even more difficult for them to access your information.
3. Be on the lookout for spear-phishing attacks
Like regular phishing attempts, spear-phishing attempts will try to steal your information by posing as an authentic entity to target unsuspecting victims. However, spear phishing attempts can be harder to spot because the attempt is modified to target a specific individual, often in the form of a personalized email. If you receive an email, call, or text asking you to download software, app, or pay a certain amount of money, do not click or take any direct action from the message. Instead, go straight to the organization’s website. This will prevent you from downloading malicious content from phishing links or forking over money unnecessarily.
4. Keep an eye out for suspicious activity on your accounts
If you find that your credit card information has been exposed, keep an eye on your bank records and validate each transaction. In the above cases for a site like MeetMindful, where Facebook authentication tokens and user IDs were stolen, it’s always best to keep an eye on other social accounts for fraudulent activity.
5. Freeze your credit
For maximum financial protection, freeze your credit to prevent hackers from opening new accounts in your name. Placing a freeze on your credit is free for consumers and won’t affect your credit score. Simply contact the three major credit bureaus—Equifax, Experian, and TransUnion—to set up a freeze to secure your credit file until you decide to lift it.
Stay Updated
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.