Each generation of popular Pokémon games is centered around the same basic principle: the main objective is to collect as many different characters as possible. Over the years, Pokémon has grown into a mega-successful franchise, spanning card games, television series, film spinoffs, books, and so on.
In a way, it has also inspired a hacker group that calls itself ShinyHunters. So who are they? What do ShinyHunters do?
Who Are ShinyHunters and What Do They Do?
Much like gamers collect Pokémon, ShinyHunters collects—or, rather, steals—data. The group uses the Pokémon Umbreon as its avatar on social media and hacker forums.
ShinyHunters first surfaced in May 2020, when it posted more than 90 million Tokopedia (Indonesia's largest e-commerce platform) user records for sale on a dark web marketplace called Empire Market.
Since then, the group has been very active on underground forums, where it sells stolen data or posts it for free, which has increased its notoriety and popularity among cybercriminals.
Like most hacker groups, ShinyHunters retreats and goes underground after a successful attack. During this period of public inactivity, which usually lasts a few months, the hackers develop new products and tactics, select their targets, and then strike again.
Who Has ShinyHunters Targeted?
ShinyHunters has taken aim at dozens of large and mid-size organizations since May 2020.
Here are the most notable data breaches it has carried out.
Microsoft GitHub
In May 2020, ShinyHunters contacted the popular tech website Bleeping Computer to reveal that it had stolen more than 500GB of Microsoft source code from the company's private GitHub account.
The group said that it had initially planned to sell the data, but then decided to leak it for free. Microsoft first denied that the attack had taken place, but later conceded that it did.
Wattpad
ShinHunters was responsible for the massive July 2020 Wattpad hack, which exposed data from 271 million users, including display names, full names, email addresses, dates of birth, IP addresses, and passwords.
As BetaKit reported at the time, the data was initially offered for $100,000, but then leaked via RaidForums for free. In a statement, Wattpad confirmed the breach but noted that no financial information was accessed during the incident.
Mashable
In November 2020, ShinyHunters attacked Mashable, a media and entertainment company based in the United States, leaking 5.22GB of the database for free, as reported by HackRead.
The extensive database contained user, staff, and subscriber data. It included full names, email addresses, gender, country, job description, social media profile links, and online behavior-related details.
Fortunately for those affected by the breach, the data obtained by ShinyHunters did not contain financial information.
Pixlr
In January 2021, ShinyHunters hacked the the online photo editing application Pixlr. It gained access to 1.9 million user records, consisting of usernames, passwords, email addresses, and other private information.
According to CPO Magazine, the group posted the user records on an underground hacker forum for free, winning praise and admiration from that community and the ire of Pixlr users.
ShinyHunters allegedly accessed Pixlr data by hacking the sister stock photo site 123rf—both are owned by the same parent company, Inmagine.
Bonobos
That same month, ShinyHunters hacked the Walmart-owned men's clothing retailer Bonobos, leaking a tremendous amount of customer data.
As per Bleeping Computer, the group released for free a massive database of millions of user addresses, phone numbers, passwords, and partial credit card records.
According to the company, the group did not manage to gain access to internal systems, but rather to a cloud-hosted backup file.
ShinyHunters' Shift to Extortion
Over the course of approximately 15 months, ShinyHunters made a name for itself in the hacker community by releasing stolen data for free. In early August 2021, it seemingly moved to extortion.
According to the cybersecurity firm Digital Shadows, at that time, ShinyHunters began extorting its victims; threatening to expose their data unless a ransom is paid.
The switch was hardly a surprise, given that the most notorious and profitable hacker groups in the world tend to focus on ransomware and target mostly large organizations.
On August 17, 2021, the group put up for sale what it claimed was stolen data from the American telecommunications company AT&T. The auction was initially priced at $200,000, but quickly reached $1 million.
The post was later deleted by forum moderators, because it allegedly contained social security numbers. As of October 2021, it remains unclear if this was a PR stunt by ShinyHunters or if they actually managed to hack AT&T.
It is highly likely that ShinyHunters' move to extortion is permanent.
Who Is Behind ShinyHunters?
So, who are the individuals behind ShinyHunters? That remains unclear, but some cybersecurity researchers believe the group is at the very least affiliated with GnosticPlayers.
GnosticPlayers was behind more than 40 breaches in 2019, when it took aim at platforms such as Canva and Live Journal. Much like ShinyHunters, GnosticPlayers contacted members of the press to claim responsibility for attacks and released stolen data for free, before switching to selling it.
How to Find Out if ShinyHunters Stole Your Data
Even if you take all the necessary precautions, it is still possible to have your data exposed in a breach. There are several ways to check if you have been exposed, but the best and quickest one is to use an online tool called Have I Been Pwned.
This website allows anyone to check whether their email, phone number, or password have been compromised in a recorded data breach.
To do that, simply visit Have I Been Pwned and enter your details. If it turns out that your data is compromised, immediately change your password and set up two-factor authentication on all of your accounts.
Stay Vigilant
It is always a good idea to periodically check Have I Been Pwned to see whether your data has been exposed by ShinyHunters or some other hacker group.
Ideally, you should use multiple email addresses as opposed to just one, and never use the same password on multiple accounts. This should minimize your overall vulnerability, even if your data is stolen.
