Hacked ChatBooks Photo Data For Sale

Uploaded on 2020-05-26 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

ChatBooks photo print service has informed its customers that user information was stolen from their systems following a cyber-attack. Data consisting of 15 million user records is now being offered for sale on the Dark Web.

Chatbooks, a US company that sells albums of digital photos, has now told its customers that it was hackeded in March by hackers who accessed Chatbooks login credentials, including names, email addresses and individually salted and hashed passwords and in some cases, phone numbers and Facebook ID data.

This breach is part of a larger wave of attacks by what is thought to be a single group of hackers that is now selling over 73 million user records from 11 companies.

A hacker group called Shiny Hunters started advertising ChatBooks user records on a dark web market, asking $2,000 for 15 million rows of data. They provided a sample with email addresses, hashed passwords, social media access tokens, and personally identifiable information

The company informed users that payment or credit card information was not present in their database, so it was not impacted. Also, there is no evidence to suggest that personal data, like photos, was stolen. According to the notification, the company learned about the intrusion on Tuesday, May 5, two days after the hackers started advertising ChatBooks user records on a dark web market. Based on forensic investigation, the breach occurred on March 26.
ChatBooks are not the only victims of Shiny Hunters but it is the first company that admitted to being hacked and alerted their customers.

BleepingComputer found that the same hackers are selling user records from multiple companies. Some of them learned from the media that their user records were on sale and had just begun an investigation when BleepingComputer reached out for comment. The hackers do not offer the information exclusively, and the details included may have attracted an increased number of buyers.

The stolen passwords enjoy some security but the company advises its customers to change their them as soon as possible.

Although hashing is a one-way process that does not allow reversing to the original string, hackers have huge lists of passwords. They can convert them to hashes, add the salt, and compare the results with what the stolen database provides. The hacker group also is trying to sell 3 million records it says were from another unrelated breach. 

Chatbooks:     Bleeping Computer:      Cyberscoop:     BankInfoSecurity:

You Might Also Read:

Facial Recognition Company Hacked:

 

 

 

« Hackers Succeed In Doing More Harm Than Insiders
Iran In The Firing Line »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

GeoLang

GeoLang

GeoLang’s Ascema platform protects sensitive information at the content level by identifying, classifying and tracking data across the corporate infrastructure.

Six Degrees

Six Degrees

Six Degrees is a leading secure, integrated cloud services provider. We protect UK organisations and help them thrive in the cloud by giving them secure platforms to innovate and grow.

Tempest

Tempest

TEMPEST is a leading provider of IT products and services including solutions for network and application security.

Fyde

Fyde

Fyde helps companies with an increasingly distributed workforce mitigate breach risk by enabling secure access to critical enterprise resources.

Ericom Software

Ericom Software

Ericom is a global leader in securing and connecting the digital workspace, offering solutions that secure browsing, and optimize desktop and application delivery to any device, anywhere.

GulfTalent

GulfTalent

GulfTalent is the leading job site for professionals in the Middle East and Gulf region covering all sectors and job categories, including cybersecurity.

Octo

Octo

Octo, an IBM company, is a technology firm dedicated to solving the Federal Government’s most complex challenges, enabling agencies to jump the technology curve.

TransUnion

TransUnion

TransUnion is a global information and insights company that makes it possible for businesses and consumers to transact with confidence.

LBMC

LBMC

LBMC is a professional services solutions provider in accounting and finance, human resources, technology, risk and information security, and wealth advisory services.

Plex IT

Plex IT

Plex IT provides managed IT services to organisations along with managed security services.

Intel Ignite

Intel Ignite

Intel Ignite is an internationally renowned acceleration program for early-stage deep tech startups.

DNS Research Federation (DNSRF)

DNS Research Federation (DNSRF)

DNSRF's mission is to advance the understanding of the Domain Name System's impact on cybersecurity, policy and technical standards.

SecuLore

SecuLore

An innovator in public-safety-focused cybersecurity, SecuLore is dedicated to protecting critical infrastructure from cyber attacks.

When Group

When Group

World Health Energy Holdings, Inc. (d/b/a WHEN Group) is a High Tech Holding Company that specializes in the Cyber, Security and Telecom area.

INETCO Systems

INETCO Systems

INETCO deliver essential real-time cybersecurity, payment fraud detection, operational monitoring and analytics solutions that empower our customers to grow their businesses without interruptions.

Telcion Communications Group

Telcion Communications Group

Telcion Communications Group provides communication and IT solutions to businesses and organizations throughout California and neighbouring states.