Hacked ChatBooks Photo Data For Sale
ChatBooks photo print service has informed its customers that user information was stolen from their systems following a cyber-attack. Data consisting of 15 million user records is now being offered for sale on the Dark Web.
Chatbooks, a US company that sells albums of digital photos, has now told its customers that it was hackeded in March by hackers who accessed Chatbooks login credentials, including names, email addresses and individually salted and hashed passwords and in some cases, phone numbers and Facebook ID data.
This breach is part of a larger wave of attacks by what is thought to be a single group of hackers that is now selling over 73 million user records from 11 companies.
A hacker group called Shiny Hunters started advertising ChatBooks user records on a dark web market, asking $2,000 for 15 million rows of data. They provided a sample with email addresses, hashed passwords, social media access tokens, and personally identifiable information
The company informed users that payment or credit card information was not present in their database, so it was not impacted. Also, there is no evidence to suggest that personal data, like photos, was stolen. According to the notification, the company learned about the intrusion on Tuesday, May 5, two days after the hackers started advertising ChatBooks user records on a dark web market. Based on forensic investigation, the breach occurred on March 26.
ChatBooks are not the only victims of Shiny Hunters but it is the first company that admitted to being hacked and alerted their customers.
BleepingComputer found that the same hackers are selling user records from multiple companies. Some of them learned from the media that their user records were on sale and had just begun an investigation when BleepingComputer reached out for comment. The hackers do not offer the information exclusively, and the details included may have attracted an increased number of buyers.
The stolen passwords enjoy some security but the company advises its customers to change their them as soon as possible.
Although hashing is a one-way process that does not allow reversing to the original string, hackers have huge lists of passwords. They can convert them to hashes, add the salt, and compare the results with what the stolen database provides. The hacker group also is trying to sell 3 million records it says were from another unrelated breach.
Chatbooks: Bleeping Computer: Cyberscoop: BankInfoSecurity:
You Might Also Read:
Facial Recognition Company Hacked: