Hacked ChatBooks Photo Data For Sale

Uploaded on 2020-05-26 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

ChatBooks photo print service has informed its customers that user information was stolen from their systems following a cyber-attack. Data consisting of 15 million user records is now being offered for sale on the Dark Web.

Chatbooks, a US company that sells albums of digital photos, has now told its customers that it was hackeded in March by hackers who accessed Chatbooks login credentials, including names, email addresses and individually salted and hashed passwords and in some cases, phone numbers and Facebook ID data.

This breach is part of a larger wave of attacks by what is thought to be a single group of hackers that is now selling over 73 million user records from 11 companies.

A hacker group called Shiny Hunters started advertising ChatBooks user records on a dark web market, asking $2,000 for 15 million rows of data. They provided a sample with email addresses, hashed passwords, social media access tokens, and personally identifiable information

The company informed users that payment or credit card information was not present in their database, so it was not impacted. Also, there is no evidence to suggest that personal data, like photos, was stolen. According to the notification, the company learned about the intrusion on Tuesday, May 5, two days after the hackers started advertising ChatBooks user records on a dark web market. Based on forensic investigation, the breach occurred on March 26.
ChatBooks are not the only victims of Shiny Hunters but it is the first company that admitted to being hacked and alerted their customers.

BleepingComputer found that the same hackers are selling user records from multiple companies. Some of them learned from the media that their user records were on sale and had just begun an investigation when BleepingComputer reached out for comment. The hackers do not offer the information exclusively, and the details included may have attracted an increased number of buyers.

The stolen passwords enjoy some security but the company advises its customers to change their them as soon as possible.

Although hashing is a one-way process that does not allow reversing to the original string, hackers have huge lists of passwords. They can convert them to hashes, add the salt, and compare the results with what the stolen database provides. The hacker group also is trying to sell 3 million records it says were from another unrelated breach. 

Chatbooks:     Bleeping Computer:      Cyberscoop:     BankInfoSecurity:

You Might Also Read:

Facial Recognition Company Hacked:

 

 

 

« Hackers Succeed In Doing More Harm Than Insiders
Iran In The Firing Line »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Niagara Networks

Niagara Networks

Niagara Networks is a Network Visibility industry leader, with emphasis in 1/10/40/100 Gigabit systems and mission-critical IT and security appliances.

SMiD Cloud

SMiD Cloud

SMiD encryption technology has been developed following the highest security practices to allow the data availability, integrity and confidentiality.

Arm

Arm

Arm delivers a complete IoT solution, from providing the IP for the chip to delivering the cloud services to securely manage the deployment of products throughout their lifecycle.

Nordic Cyber Summit

Nordic Cyber Summit

Nordic Cyber Security Summit addresses a wide range of technological issues from the IT Security spectrum and also provides a wider perspective from all aspects of the industry.

PricewaterhouseCoopers (PwC)

PricewaterhouseCoopers (PwC)

PricewaterhouseCoopers is a multinational professional services network of firms headquartered in London, United Kingdom and operating in 157 countries.

Gordian Networks

Gordian Networks

Gordian Networks offers complete managed IT services and IT support for small to large businesses.

Aligned Technology Solutions (ATS)

Aligned Technology Solutions (ATS)

ATS manage, monitor, and maintain everything from your network and servers to your workstations and mobile devices, and we do it proactively to eliminate downtime and keep hackers at bay.

Alacrinet

Alacrinet

Alacrinet is an IT and cyber security consultancy. From penetration testing to fully managed MSSP, our team is focused on knowing the latest threats, preventing vulnerabilities, and providing value.

Spyderbat

Spyderbat

Spyderbat ATI closes the manual investigation gap between detection and response by instantly presenting causally connected threat activity to security analysts at the onset of an investigation.

link22

link22

link22 offers a high level of expertise within IT security and system solutions. We help public and private actors with highly secure IT-solutions.

Software Improvement Group (SIG)

Software Improvement Group (SIG)

Software Improvement Group helps business and technology leaders drive their organizational objectives by fundamentally improving the health and security of their software applications.

M.Tech

M.Tech

M.Tech is a leading cyber security and network performance solutions provider. We work with leading vendors to bring optimal solutions to the market through a channel of reseller partners.

ProjectDiscovery

ProjectDiscovery

ProjectDiscovery is an open-source, cybersecurity company that builds a range of software for security engineers and developers.

Cyber Explorers

Cyber Explorers

Cyber Explorers is a fun, free and interactive learning platform for future digital superstars. An exciting addition to UK curriculum delivery or after school activities.

Ampsight

Ampsight

Ampsight specializes in enabling cloud integration, securing data, and navigating complications that drive critical-mission success.

Pvotal Technologies

Pvotal Technologies

Pvotal Technologies engineer complex, automated processes aligned with best AIOps, BizDevOps, DevSecOps, CloudOps, and ITOps practices.