Three more high-profile databases were being offered for sale by the same group claiming the Tokopedia and Unacademy breaches out of which one is meal kit delivery service, Homechef.
The other two were photo print services ChatBooks, and Chronicle.com, a news source for higher education.
Together, the three databases count user records and passwords from 26 million accounts.
With eight million user records, the HomeChef trove is the most expensive.
The hackers demand $2,500 for emails, bcrypt-hashed passwords, and IP addresses and in case of default, they highlighted their plan to sell it.
Personally identifiable information (PII) including phone numbers, zip codes, and partial social security numbers are also present in the sample set from the hackers.
TPRM report: https://scoringcyber.rankiteo.com/company/relished
"id": "hom1357301222",
"linkid": "relished",
"type": "Data Leak",
"date": "05/2020",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '8 million',
'industry': 'Food and Beverage',
'name': 'HomeChef',
'type': 'Meal Kit Delivery Service'},
{'industry': 'Photography',
'name': 'ChatBooks',
'type': 'Photo Print Services'},
{'industry': 'Media and Entertainment',
'name': 'Chronicle.com',
'type': 'News Source for Higher Education'}],
'data_breach': {'data_encryption': 'bcrypt-hashed passwords',
'data_exfiltration': 'Yes',
'number_of_records_exposed': '26 million',
'personally_identifiable_information': ['Phone numbers',
'Zip codes',
'Partial social '
'security numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Email addresses',
'bcrypt-hashed passwords',
'IP addresses',
'Phone numbers',
'Zip codes',
'Partial social security '
'numbers']},
'description': 'Three high-profile databases, including HomeChef, ChatBooks, '
'and Chronicle.com, were offered for sale by the same group '
'responsible for the Tokopedia and Unacademy breaches. '
'Together, these databases contain user records and passwords '
'from 26 million accounts.',
'impact': {'data_compromised': ['Email addresses',
'bcrypt-hashed passwords',
'IP addresses',
'Phone numbers',
'Zip codes',
'Partial social security numbers'],
'identity_theft_risk': 'High'},
'initial_access_broker': {'data_sold_on_dark_web': 'Yes'},
'motivation': 'Financial Gain',
'title': 'Data Breach of HomeChef, ChatBooks, and Chronicle.com',
'type': 'Data Breach'}