OP 27 January, 2021 - 11:28 AM
(This post was last modified: 27 January, 2021 - 12:16 PM by Mastiff.)
Infamous hacking group ShinyHunters has released 1.9 million stolen user records from free online photo editing service Pixlr as part of a release of hacked data from various sites.
Links to the data stolen from Pixlr were published on a well-known internet hacking forum on Jan. 17 and included user login names, email addresses, hashed passwords, country of origin, and other details.
In this case, it’s believed that ShinyHunters gained access to Pixlr’s user records through an unsecured Amazon Web Services Inc. S3 bucket, but the hacking group has used various methods in the past. In the hack, financial service provider Dave Inc. in July, ShinyHunters was able to gain access through a breach of Git analytics platform provider Waydev Inc.
Pixlr users are not alone in having its user data stolen and published by ShinyHunters this year. Researchers at cybersecurity intelligence firm Kela Research and Strategy Ltd. have also discovered stolen data linked to the same forum from Wongnai Media Co. Ltd., Tuned Global Pty. Ltd., Buyucoin, Wappalyzer, Teespring Inc. and Bonobos.com.
“Over this past summer, ShinyHunters was seen publishing leaked data for free, exposing millions of personal records from all over the world,” Victoria Kivilevich, threat intelligence analyst at KELA, told SiliconANGLE. “We have seen collaborators of Shiny Hunters selling and leaking other dumps in the recent months, but Shiny Hunters has not been seen releasing data themselves since November.”
Discussing the publication of stolen Pixlr credentials, Nathanael Coffing, the chief security officer at identification firm Cloudentity Inc., noted that hundreds of thousands of user emails and login credentials were exposed in this breach, users are at significant risk of credential stuffing or phishing attacks.
“It doesn’t take much for bad actors to cross-reference the compromised data with previously breached records and create accurate profiles of the breach victims,” Coffing explained. “Hackers already have access to previously stolen data on the dark web, which allows them to easily weaponize this free information for their malicious gain and target users’ financial or healthcare information.”
Links to the data stolen from Pixlr were published on a well-known internet hacking forum on Jan. 17 and included user login names, email addresses, hashed passwords, country of origin, and other details.
In this case, it’s believed that ShinyHunters gained access to Pixlr’s user records through an unsecured Amazon Web Services Inc. S3 bucket, but the hacking group has used various methods in the past. In the hack, financial service provider Dave Inc. in July, ShinyHunters was able to gain access through a breach of Git analytics platform provider Waydev Inc.
Pixlr users are not alone in having its user data stolen and published by ShinyHunters this year. Researchers at cybersecurity intelligence firm Kela Research and Strategy Ltd. have also discovered stolen data linked to the same forum from Wongnai Media Co. Ltd., Tuned Global Pty. Ltd., Buyucoin, Wappalyzer, Teespring Inc. and Bonobos.com.
“Over this past summer, ShinyHunters was seen publishing leaked data for free, exposing millions of personal records from all over the world,” Victoria Kivilevich, threat intelligence analyst at KELA, told SiliconANGLE. “We have seen collaborators of Shiny Hunters selling and leaking other dumps in the recent months, but Shiny Hunters has not been seen releasing data themselves since November.”
Discussing the publication of stolen Pixlr credentials, Nathanael Coffing, the chief security officer at identification firm Cloudentity Inc., noted that hundreds of thousands of user emails and login credentials were exposed in this breach, users are at significant risk of credential stuffing or phishing attacks.
“It doesn’t take much for bad actors to cross-reference the compromised data with previously breached records and create accurate profiles of the breach victims,” Coffing explained. “Hackers already have access to previously stolen data on the dark web, which allows them to easily weaponize this free information for their malicious gain and target users’ financial or healthcare information.”
Source: https://siliconangle.com/2021/01/20/shin...ite-pixlr/
Pixlr data breach: https://bayfiles.com/d9NabaA7p0, https://anonfiles.com/v4K0b7Adp8.
Check out all of the recent ShinyHunters data breaches.
![[Image: FeelsStrongMan.png]](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fstatic.cracked.io%2F%2Fimages%2Fsmilies%2FFeelsStrongMan.png)
![[Image: 3x6Iaap.gif]](https://i.imgur.com/3x6Iaap.gif)