The data breaches that have surfaced recently are part of a larger data breach affecting multiple companies and nearly 400M accounts.
A hacker known as ShinyHunter was discovered posting data on a hacker forum known to trade in stolen data. While hackers often try to sell databases and data breach records, ShinyHunter was posting the leaked data free of charge, making the sensitive data accessible to anyone who wanted it. The hacker claimed that, having already made money selling the database earlier on, they could just release it for free.
The list of impacted sites can be found below.
What can you do?
If you have an account on one of these sites, change your password immediately – don’t wait for the company to reach out to you. While companies such as Drizly have moved quickly and prompted users to change their password, there’s no guarantee that every company will act as swiftly or reach out to the users that were impacted.
You should also reset your password on any other account where you used the same password as on one of the affected sites. Password reuse is common enough that hackers often take leaked passwords and try them on multiple accounts. To get even more real-time updates on data breaches, consider signing up with haveibeenpwned.com. It’s a free service that alerts you whenever your email is associated with a public data breach.
For more details on the hack, check out BleepingComputer’s post.