ShinyHunters hacker leaks 5.22GB worth of database


ShinyHunters leaked the database earlier today revealing that it does not contain any password.

Another day, another data breach. This time, the infamous hacker going by the online handle of ShinyHunters has leaked a database belonging to, a global media, and entertainment company.

The 5.22GB worth of database was leaked earlier today on a prominent hacker forum. It can be confirmed that the database is now available on several other forums including Russian-speaking ones.

Leaked database

After analyzing some of the data, can confirm that the leaked database contains staff, users, and subscribers data such as full names, email addresses, country, gender, job description, online behavior related details, date of registration, IP addresses, social media profile links, and authentication tokens, etc.

However, a sigh of relief for Mashable is that the database does not contain any password or financial details since the company runs an online shop on the same domain. The hacker, ShinyHinters, has also stated in their post on hacker forum that the “it (database) does not contain any password.

We have informed Mashable about the breach and this article will be updated in case the media giant gets back to us with a statement.

As for ShinyHunters; Mashable breach is another addition to their “portfolio.” In the last few months, the hacker leaked dozens of databases stolen from prominent companies including:

WattPad – 271 million accounts leaked

Dunzo – 11GB worth of data leaked – 7 million accounts leaked

Bhinneka – 1 million+ accounts leaked

Minted – 5 million accounts leaked

ProctorU – 444,267 accounts leaked

Tokopedia – 91 million accounts leaked

Couchsurfing – 17 million accounts leaked


Update (Tuesday- 10/11/2020): 

Mashable did not respond to our email even though was probably the very first publication to alert the company about the breach. However, according to their official statement published yesterday, the company has acknowledged the breach.

Based on our review, the database breach related to a feature that, in the past, had allowed readers to use their social media account sign-in (such as Facebook or Twitter) to make sharing content from Mashable easier.

The types of data in the database included first and last names, general location (such as city or country), email addresses, gender, date of registration, IP addresses, links to social media profiles, expired OAuth tokens, and month and day of user birthdays (but not year).


To Top

Pin It on Pinterest

Share This