Hacked ChatBooks Photo Data For Sale

ChatBooks photo print service has informed its customers that user information was stolen from their systems following a cyber-attack. Data consisting of 15 million user records is now being offered for sale on the Dark Web.

Chatbooks, a US company that sells albums of digital photos, has now told its customers that it was hackeded in March by hackers who accessed Chatbooks login credentials, including names, email addresses and individually salted and hashed passwords and in some cases, phone numbers and Facebook ID data.

This breach is part of a larger wave of attacks by what is thought to be a single group of hackers that is now selling over 73 million user records from 11 companies.

A hacker group called Shiny Hunters started advertising ChatBooks user records on a dark web market, asking $2,000 for 15 million rows of data. They provided a sample with email addresses, hashed passwords, social media access tokens, and personally identifiable information

The company informed users that payment or credit card information was not present in their database, so it was not impacted. Also, there is no evidence to suggest that personal data, like photos, was stolen. According to the notification, the company learned about the intrusion on Tuesday, May 5, two days after the hackers started advertising ChatBooks user records on a dark web market. Based on forensic investigation, the breach occurred on March 26.
ChatBooks are not the only victims of Shiny Hunters but it is the first company that admitted to being hacked and alerted their customers.

BleepingComputer found that the same hackers are selling user records from multiple companies. Some of them learned from the media that their user records were on sale and had just begun an investigation when BleepingComputer reached out for comment. The hackers do not offer the information exclusively, and the details included may have attracted an increased number of buyers.

The stolen passwords enjoy some security but the company advises its customers to change their them as soon as possible.

Although hashing is a one-way process that does not allow reversing to the original string, hackers have huge lists of passwords. They can convert them to hashes, add the salt, and compare the results with what the stolen database provides. The hacker group also is trying to sell 3 million records it says were from another unrelated breach. 

Chatbooks:     Bleeping Computer:      Cyberscoop:     BankInfoSecurity:

You Might Also Read:

Facial Recognition Company Hacked:

 

 

 

« Hackers Succeed In Doing More Harm Than Insiders
Iran In The Firing Line »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

InfoSecurity Magazine

InfoSecurity Magazine

Infosecurity Magazine has over ten years of experience providing knowledge and insight into the information security industry.

Astra

Astra

Astra's website security solution provides real-time protection against malware, hackers, SQLi, XSS, DDoS, LFI and RFI.

Duo Security

Duo Security

Duo combines security expertise with a user-centered philosophy to provide two-factor authentication, endpoint remediation and secure single sign-on tools.

IUCC Cyber Unit - Israel

IUCC Cyber Unit - Israel

IUCC Cyber Unit safeguards Israel’s National Research & Education Network (NREN).

InnoValor

InnoValor

InnoValor realises value from digital innovation for organisations and government. We provide advisory services and develop innovative software solutions, based on our background in research.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Dutch Innovation Park

Dutch Innovation Park

Dutch Innovation Park in Zoetermeer is a breeding ground for applied IT solutions in the field of cyber security, e-health, smart mobility and big data.

Brighterion

Brighterion

Brighterion solutions stop payment and acquirer fraud, reduce credit risk and delinquency, fight financial crime, prevent healthcare fraud, waste and abuse, and more.

SecurityGate

SecurityGate

SecurityGate.io is the only Integrated Risk Management platform built for OT/ICS cybersecurity.

Action1

Action1

Action1 is a Cloud-based lightweight endpoint security platform that discovers all of your endpoints in seconds and allows you to retrieve live security information from the entire network.

1898 & Co

1898 & Co

Keep your critical assets secure with a comprehensive portfolio of services from high-level assessments to fully managed security services designed for operational technology applications.

Dexian

Dexian

Dexian is a leading provider of staffing, IT, and workforce solutions with nearly 12,000 employees and 70 locations worldwide.

Cyviation

Cyviation

Cyviation's mission is to mitigate ever-growing and menacing Cyber Security threats, focusing on aircraft, airlines and airports.

ClearSky Cyber Security

ClearSky Cyber Security

ClearSky cyber security provides cyber solutions, focused on threat intelligence services, mainly for the financial sector, critical infrastructure, public sector and the pharma sector.

Winslow Technology Group (WTG)

Winslow Technology Group (WTG)

Winslow Technology Group is a leading provider of IT Solutions, Managed Services, and Cybersecurity Services dedicated to providing exceptional business outcomes for our customers since 2003.

AppSOC

AppSOC

AppSOC is a leader in Application Security Posture Management (ASPM) and Code-to-Cloud Vulnerability Management.