Chatbooks Confirms Breach After ‘Shiny Hunters’ Sell Data


Photo print service Chatbooks has disclosed a data breach after customers’ emails, passwords and more were listed for sale on underground forums.

Photo-print service Chatbooks has confirmed a data breach, a week after cybercriminals listed a database containing customer email addresses, passwords and more for sale on an underground forum.

The Utah-based company allows users to create customized photo books. Nate Quigley, CEO of Chatbooks, said the stolen information includes login credentials, including names, email addresses, and individual salted and hashed passwords. For a “small portion” of affected customers, some phone numbers, Facebook IDs and merchant tokens were also compromised. He urged customers to change their passwords “at your earliest convenience.”

“We are currently working with a digital security and forensics firm to assess the extent of this data security breach,” said Quigley in a data breach notice this week. “Please accept our sincere apologies for any worry and inconvenience this incident causes you.”

No payment or credit-card data was compromised, stressed Quigley, and there’s no evidence suggesting that other personal information or photos were stolen. Threatpost has reached out to Chatbooks for further information on how the data breach occurred and how many customers are impacted.

Quigley said the breach occurred on March 26, and was discovered by the firm on May 5. On May 7, ZeroFox researchers reported that the Shiny Hunters hacking group was selling the Chatbooks customer database on underground forums, along with records from meal kit delivery service HomeChef and Chronicle.com.


The Chatbooks database, published on May 3, had a sale price of $2,000 and included email addresses, SHA-512 hashed passwords, social media access tokens and some personally identifiable information (PII). In total, the database listed for sale contained 15 million rows of data.

The Shiny Hunters group has made a mark on underground forums, having already allegedly compromised 73.2 million user records from over 11 companies worldwide.

The group last week claimed that it broke into Microsoft’s GitHub account and stole 500 GB of data from the tech giant’s own private repositories on the developer platform. Researchers earlier this month also observed Shiny Hunters stealing log-in data for 91 million users of Indonesia’s largest e-commerce platform, Tokopedia, and then selling it on the dark web for $5,000.

Researchers with ZeroFox noted that the Shiny Hunters hacking group appears to be taking a page out of the book of GnosticPlayers, the breach data broker who stole billions of records from dozens of companies between 2018 and 2019 and sold them online.

“Due to the verification of the Tokopedia breach by multiple researchers and the company itself, ZeroFOX Alpha Team has high confidence that these new breaches are legitimate, and will most likely be available on other breach marketplaces at lower prices in the near future,” said researchers. “It is likely that this actor will continue to breach companies and post their content for sale.”
