Search for your darkweb exposure
Cyble-CRIL
Request Demo

130 Million New Records Enters in Cybercrime Forums

A few days ago, we saw 3 Billion credentials leaked in the darkweb – a repository compiled through the previous data leaks and breaches. Several organizations scrambled about the leak to better understand the risks posed to them, but now we have another issue to deal with on our Sunday / Monday!

Cyble researchers have noted another major “alleged” breach by the infamous ShinyHunters group. This was posted on their go-to-marketplace, RaidForums.

In this case, the seller, which appears to be one of the data brokers or alias of the SH group, is selling Astoria company’s database.

Per the seller, they gained access to the following information of 100Mn users –

Name, Email address, date of birth, address, mobile, IP address for all users. They also alleged to have gained access to over 40Mn users’ Social Security Numbers (SSNs) and checking account and routing numbers, driver’s license number, vehicle VIN, and other fields.

Source of the data: The actor has alleged the data source from the “Astoria” company. Astoria is a performance marketing company that offers pay per call, search engine optimization, e-mail, social media, and offline advertising services.

While Astoria company has not disclosed any breach, given the previous claims of the SH’s groups, it’s likely to be a legit claim. The actor is selling this information for 5 BTC, i.e., ~ USD 240,000. Given the quality of the alleged data, it doesn’t surprise many. Cyble researchers believe this one of the biggest heists of Social Security Numbers (SSNs) if it’s true

[Update] About the seller:

Telegram Profile:

Other aliases of the seller: seller123[at]secmail.pro

Telegram group managed by the actor: @Hunters

The seller was observed to be selling other databases as well. However, Cyble was unable to verify those claims at this stage.

On a separate note, another seller came to the market with new data-sets as below:

The actor alleged to have access to the private database of the following companies and the corresponding records / databases :

14.5 Mn: FranConnect.com | Full names, emails, plaintext passwords, full addresses, phone numbers, family members, IP addresses, company info, financial info
11 Mn: Zelfy.com | Full names, emails, locations, device id
3.3 Mn: Cashalo.com | Full names, emails, bcrypt hashes, phone numbers
1.2 Mn: OAntagonista.com | Full names, emails
0.8 Mn: ParkBench.com | Full names, emails, phone numbers, full addresses
0.46Mn: Tambola.com | Full names, emails, phone numbers, date of birth
60K: EOSAirClub.com | Usernames, emails, plaintext passwords, wallet addresses, transactions

At the time of writing the advisory, our researchers have no evidence/artifact shreds suggesting a link with the ShinyHunters group.

We recommend people to: 

  • Never share personal information, including financial information over the phone, email, or SMSes.  
  • Use strong passwords and enforce multi-factor authentication wherever possible.  
  • Regularly monitor your financial transactions, and if you notice any suspicious activity, contact your bank immediately.  
  • Turn on the automatic software update feature on your computer, mobile, and other connected devices wherever possible and pragmatic.  
  • Use a reputed anti-virus and Internet security software package on your connected devices, including PC, laptop, and mobile.  
  • People who are concerned about their exposure in the Darkweb can register atโ€ฏAmiBreached.comโ€ฏto ascertain their exposure.  
  • Refrain from opening untrusted links and email attachments without verifying their authenticity.   

About Cybleย 

Cybleย is a globalย threat intelligenceย SaaSย provider that helps enterprises protect themselvesย from cybercrimesย andย exposure in theย darkweb.ย Cybleโ€™s prime focusย is to provide organizations with real-time visibility into their digital riskย footprint.ย Backed by Y Combinator as part of the 2021 winter cohort,ย Cybleย hasย alsoย been recognized by Forbes as one of the top 20 Best Cybersecurityย Startupsย To Watch In 2020.ย Headquartered inย Alpharetta, Georgia,ย and withย offices inย Australia, Singapore, andย India,ย Cybleย has a global presence.ย To learn more aboutย Cyble, visitย www.cyble.com.ย 

Recent Blogs

โ€˜InTheBoxโ€™ Web Injects Targeting Android Banking Applications Worldwide

January 31, 2023

Insecure Military ICS Infrastructure poses a risk to National Security

January 27, 2023

Titan Stealer: The Growing Use of GoLang Among Threat Actors

January 25, 2023
InTheBox-Blog-Android
January 31, 2023

Cyble analyzes ‘InTheBox’ as part of its thorough research on Web Injects and their role in targeting Android Banking applications worldwide.

Read More ยป
CybleBlogs-SCADA-ICS-Thermal Imaging-Military
January 27, 2023

Cyble Research & Intelligence Labs analyzes Industrial Control Systems & Thermal Imaging cameras’ cyber risk over Military Instalments.

Read More ยป
Titan Stealer
January 25, 2023

CRIL analyzes Titan Stealer, a Golang based information stealer working as MaaS as well as it’s C&C panel.

Read More ยป

About Usย 


Cybleโ€ฏis a global threat intelligenceย SaaSย provider that helps enterprises protect themselves from cybercrimes and exposure in theโ€ฏDarkweb. Its prime focus is to provide organizations with real-time visibility to their digital risk footprint.

Backed by Y Combinator as part of the 2021 winterย cohort,โ€ฏCybleโ€ฏhas also been recognized by Forbes as one of the top 20 Best Cybersecurity Start-upsโ€ฏToโ€ฏWatch In 2020.

Headquartered in Alpharetta, Georgia,โ€ฏand with offices in Australia, Singapore, Dubai and India,โ€ฏCybleโ€ฏhas a global presence. To learn more aboutโ€ฏCyble, visitโ€ฏwww.cyble.com.โ€ฏย 

Scroll to Top