The group of hackers going by the online handle of ShinyHunters is behind Minted breach – The same group was behind the Tokopedia breach.
On May 2nd, 2020, Hackread.com reported about the Shiny Hunters hacking group possessing authentic user data of eleven companies including Indonesian e-commerce giant Tokopedia and trying to sell it on a dark web marketplace and a hacker forum.
It turns out that the US-based marketplace Minted is one of those eleven companies. For your information, Minted is famous for providing independent artists with a platform to showcase and sell their art and earn money.
There were reports that Shiny Hunters have sold a database on the Dark Web that contained 5 million records belonging to Minted. And, Minted has confirmed the news with a breach notification that it was indeed a target of a data breach around three weeks back.
According to the notice, the hackers managed to access the company’s user records on 6 May 2020. The data breach led to the exposure of 5 million user credentials including blowfish hashed passwords, phone numbers, and billing/shipping addresses of Minted customers.
Hackread.com can confirm that the entire database is being sold on the Dark Web for $2,500.
The company has categorically rejected the reports that credit card and payment related data was compromised in the data breach.
Furthermore, it has confirmed that neither financial data nor “customer address book information, or photos or personalized information” was exposed.
Minted has informed the US federal law enforcement authorities and the investigation is still in its early stages. Moreover, the company is currently busy optimizing its security protocols and notifying affected customers via email urging them to change their passwords and keep unique and strong passwords this time around.