Minted confirms data breach as Shiny Hunters sell its database

The group of hackers ShinyHunters is behind Minted breach.
Popular marketplace confirms data breach as hackers sell its database

The group of hackers going by the online handle of ShinyHunters is behind Minted breach – The same group was behind the Tokopedia breach.

On May 2nd, 2020, reported about the Shiny Hunters hacking group possessing authentic user data of eleven companies including Indonesian e-commerce giant Tokopedia and trying to sell it on a dark web marketplace and a hacker forum.

It turns out that the US-based marketplace Minted is one of those eleven companies. For your information, Minted is famous for providing independent artists with a platform to showcase and sell their art and earn money. 

See: Shiny Hunters claim to breach Microsoft’s GitHub account; steal 500GB of data

There were reports that Shiny Hunters have sold a database on the Dark Web that contained 5 million records belonging to Minted. And, Minted has confirmed the news with a breach notification that it was indeed a target of a data breach around three weeks back.

According to the notice, the hackers managed to access the company’s user records on 6 May 2020. The data breach led to the exposure of 5 million user credentials including blowfish hashed passwords, phone numbers, and billing/shipping addresses of Minted customers. 

Popular marketplace confirms data breach as hackers sell its database
The screenshot shows a full list of the stolen database currently being sold by Shiny Hunters group (Image: can confirm that the entire database is being sold on the Dark Web for $2,500.

See: Alleged data of 47.5 million Truecaller Indian users sold online

The company has categorically rejected the reports that credit card and payment related data was compromised in the data breach. 

Furthermore, it has confirmed that neither financial data nor “customer address book information, or photos or personalized information” was exposed.

Minted has informed the US federal law enforcement authorities and the investigation is still in its early stages. Moreover, the company is currently busy optimizing its security protocols and notifying affected customers via email urging them to change their passwords and keep unique and strong passwords this time around.

Did you enjoy reading this article? Do like our page on Facebook and follow us on Twitter

Related Posts