ShinyHunters leaked the database earlier today revealing that it does not contain any password.
Another day, another data breach. This time, the infamous hacker going by the online handle of ShinyHunters has leaked a database belonging to Mashable.com, a global media, and entertainment company.
The 5.22GB worth of database was leaked earlier today on a prominent hacker forum. It can be confirmed that the database is now available on several other forums including Russian-speaking ones.
After analyzing some of the data, Hackread.com can confirm that the leaked database contains staff, users, and subscribers data such as full names, email addresses, country, gender, job description, online behavior related details, date of registration, IP addresses, social media profile links, and authentication tokens, etc.
However, a sigh of relief for Mashable is that the database does not contain any password or financial details since the company runs an online shop on the same domain. The hacker, ShinyHinters, has also stated in their post on hacker forum that the “it (database) does not contain any password.
We have informed Mashable about the breach and this article will be updated in case the media giant gets back to us with a statement.
As for ShinyHunters; Mashable breach is another addition to their “portfolio.” In the last few months, the hacker leaked dozens of databases stolen from prominent companies including:
WattPad – 271 million accounts leaked
Dunzo – 11GB worth of data leaked
Dave.com – 7 million accounts leaked
Bhinneka – 1 million+ accounts leaked
Minted – 5 million accounts leaked
ProctorU – 444,267 accounts leaked
Tokopedia – 91 million accounts leaked
Couchsurfing – 17 million accounts leaked
Update (Tuesday- 10/11/2020):
Mashable did not respond to our email even though Hackread.com was probably the very first publication to alert the company about the breach. However, according to their official statement published yesterday, the company has acknowledged the breach.
Based on our review, the database breach related to a feature that, in the past, had allowed readers to use their social media account sign-in (such as Facebook or Twitter) to make sharing content from Mashable easier.
The types of data in the database included first and last names, general location (such as city or country), email addresses, gender, date of registration, IP addresses, links to social media profiles, expired OAuth tokens, and month and day of user birthdays (but not year).