Lingolol

Dissent Doe :cupofcoffee:Are Scattered Spider and ShinyHunters one group or two? And who did France arrest?It's been a wild weekend here trying to sort out the relationship between <a href="https://infosec.exchange/tags/ShinyHunters" class="mention hashtag" rel="nofollow noopener" target="_blank">#ShinyHunters</a> and <a href="https://infosec.exchange/tags/ScatteredSpider" class="mention hashtag" rel="nofollow noopener" target="_blank">#ScatteredSpider</a>. And then, to really blow my mind, I heard from the leader of ShinyHunters (or someone claiming to be him) and no, he's not in prison in France. If I was trolled, it's absolutely an amazingly good troll. But see what you think.<a href="https://databreaches.net/2025/08/03/are-scattered-spider-and-shinyhunters-one-group-or-two-and-who-did-france-arrest/" rel="nofollow noopener" translate="no" target="_blank">https://databreaches.net/2025/08/03/are-scattered-spider-and-shinyhunters-one-group-or-two-and-who-did-france-arrest/</a><a href="https://infosec.exchange/tags/attribution" class="mention hashtag" rel="nofollow noopener" target="_blank">#attribution</a> <a href="https://infosec.exchange/tags/arrest" class="mention hashtag" rel="nofollow noopener" target="_blank">#arrest</a> <a href="https://infosec.exchange/@lawrenceabrams" class="u-url mention" rel="nofollow noopener" target="_blank">@lawrenceabrams</a> <a href="https://mastodon.social/@campuscodi" class="u-url mention" rel="nofollow noopener" target="_blank">@campuscodi</a> <a href="https://mastodon.social/@zackwhittaker" class="u-url mention" rel="nofollow noopener" target="_blank">@zackwhittaker</a>

Dissent Doe :cupofcoffee:As expected, more details are emerging in other news outlets about the arrest of <a href="https://infosec.exchange/tags/ShinyHunters" class="mention hashtag" rel="nofollow noopener" target="_blank">#ShinyHunters</a>. One detail I noted is that ShinyHunters is suspected of being responsible for the attacks on <a href="https://infosec.exchange/tags/LVMH" class="mention hashtag" rel="nofollow noopener" target="_blank">#LVMH</a>, which is the high-end brand associated with Tiffany and Dior, who both reported breaches this year. Although there had been some speculation that <a href="https://infosec.exchange/tags/ScatteredSpider" class="mention hashtag" rel="nofollow noopener" target="_blank">#ScatteredSpider</a> might be responsible for those breaches, it appears that ShinyHunters was allegedly responsible.There have been a number of hacks this year where it is not clear -- in the absence of law enforcement confirmation -- whether a <a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#databreach</a> has been by Scattered Spider or ShinyHunters, or whether they have collaborated with one doing the hacking and the other doing the extortion. I predict in weeks/months to come, we will be given a pretty big list of big hacks that ShinyHunters has been involved in this year. As I reported in my coverage of the PowerSchool hack and prosecution of Matthew Lane, ShinyHunters' name has been linked to that one, too, but was not named as a co-conspirator. This is where I should write "This is a developing story..." huh? <a href="https://mastodon.social/@campuscodi" class="u-url mention" rel="nofollow noopener" target="_blank">@campuscodi</a>

Dissent Doe :cupofcoffee:There's always drama with the Breached/BreachForums saga. Here's some of what has been going on in the past few weeks after BreachForums[.]st went offline without any explanation:"SCAM" is a four-letter word: BreachForums edition: <a href="https://databreaches.net/2025/05/02/scam-is-a-four-letter-word-breachforums-edition/" rel="nofollow noopener" translate="no" target="_blank">https://databreaches.net/2025/05/02/scam-is-a-four-letter-word-breachforums-edition/</a><a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybercrime</a> <a href="https://infosec.exchange/tags/forum" class="mention hashtag" rel="nofollow noopener" target="_blank">#forum</a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#hacking</a> <a href="https://infosec.exchange/tags/Breached" class="mention hashtag" rel="nofollow noopener" target="_blank">#Breached</a> <a href="https://infosec.exchange/tags/BreachForums" class="mention hashtag" rel="nofollow noopener" target="_blank">#BreachForums</a> <a href="https://infosec.exchange/tags/scam" class="mention hashtag" rel="nofollow noopener" target="_blank">#scam</a> <a href="https://infosec.exchange/tags/ShinyHunters" class="mention hashtag" rel="nofollow noopener" target="_blank">#ShinyHunters</a> <a href="https://infosec.exchange/tags/Anastasia" class="mention hashtag" rel="nofollow noopener" target="_blank">#Anastasia</a> <a href="https://infosec.exchange/tags/Momondo" class="mention hashtag" rel="nofollow noopener" target="_blank">#Momondo</a> <a href="https://mastodon.social/@campuscodi" class="u-url mention" rel="nofollow noopener" target="_blank">@campuscodi</a> <a href="https://infosec.exchange/@euroinfosec" class="u-url mention" rel="nofollow noopener" target="_blank">@euroinfosec</a> <a href="https://mastodon.social/@zackwhittaker" class="u-url mention" rel="nofollow noopener" target="_blank">@zackwhittaker</a> <a href="https://infosec.exchange/@lawrenceabrams" class="u-url mention" rel="nofollow noopener" target="_blank">@lawrenceabrams</a>

Benjamin Carr, Ph.D. 👨🏻‍💻🧬<a href="https://hachyderm.io/tags/ShinyHunters" class="mention hashtag" rel="nofollow noopener" target="_blank">#ShinyHunters</a> hacker group claims <a href="https://hachyderm.io/tags/Ticketmaster" class="mention hashtag" rel="nofollow noopener" target="_blank">#Ticketmaster</a> breach is far bigger than previously anticipated, stealing 193M barcodes, including 440,000 <a href="https://hachyderm.io/tags/TaylorSwift" class="mention hashtag" rel="nofollow noopener" target="_blank">#TaylorSwift</a> tickets. Valued at $22B, now demand $8M from <a href="https://hachyderm.io/tags/LiveNation" class="mention hashtag" rel="nofollow noopener" target="_blank">#LiveNation</a>! Ticketmaster has also refuted claims about a <a href="https://hachyderm.io/tags/ransom" class="mention hashtag" rel="nofollow noopener" target="_blank">#ransom</a> offer, stating they were never involved in any negotiations. “Ticketmaster’s SafeTix technology protects tickets by automatically refreshing a new and unique barcode every few seconds so it cannot be stolen." <a href="https://hackread.com/ticketmaster-breach-shinyhunters-leak-taylor-swift-eras-tour-tickets/" rel="nofollow noopener" translate="no" target="_blank">https://hackread.com/ticketmaster-breach-shinyhunters-leak-taylor-swift-eras-tour-tickets/</a>

Dissent Doe :cupofcoffee:I haven't posted this on my site yet, but there have been a few developments likely related to the seizure of <a href="https://infosec.exchange/tags/BreachForums" class="mention hashtag" rel="nofollow noopener" target="_blank">#BreachForums</a>. As a preview, recall that Kantonspolizei Zürich were one of the cooperating entities in the takedown and that the seizure notice had two avatars behind bars: one was Baphomet, the other was a default avatar that has been used by a number of people, but is not the avatar of the forum owner ShinyHunters.Law enforcement has yet to issue any press release or answer any questions about the takedown. Developments:<a href="https://infosec.exchange/tags/ShinyHunters" class="mention hashtag" rel="nofollow noopener" target="_blank">#ShinyHunters</a> was notified by <a href="https://infosec.exchange/tags/CloudFlare" class="mention hashtag" rel="nofollow noopener" target="_blank">#CloudFlare</a> that they had received a court order ordering CF to cancel BF's account. CF complied with the court order. (Source: ShinyHunters shared text copy of CF communication with DataBreaches)CF did not tell ShinyHunters what court had ordered that, so Shiny asked them to provide a copy of the order if there was no gag order with it, or to at least say what court ordered it so it could be appealed. They have not gotten a response from CF as yet to that request.On May 15, the same day as the takedown, Switzerland Services sent customers a notice stating, in part, that "all our network equipment and servers in Switzerland were confiscated yesterday by Swiss police due to a local prosecutor order and therefore all services in Switzerland are currently unavailable and all data can de considered as lost and compromised."ShinyHunters had previously told DataBreaches that BF has used servers and services in Switzerland. ShinyHunters has also claimed to be in Switzerland. DataBreaches does not know if that is true or not. I'll have this up on databreaches.net soon with the full message from Switzerland Services. <a href="https://infosec.exchange/tags/seizure" class="mention hashtag" rel="nofollow noopener" target="_blank">#seizure</a> <a href="https://infosec.exchange/tags/FBI" class="mention hashtag" rel="nofollow noopener" target="_blank">#FBI</a> <a href="https://infosec.exchange/tags/NCA" class="mention hashtag" rel="nofollow noopener" target="_blank">#NCA</a> <a href="https://infosec.exchange/tags/enforcement" class="mention hashtag" rel="nofollow noopener" target="_blank">#enforcement</a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#hacking</a> <a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#databreach</a> <a href="https://infosec.exchange/@brett" class="u-url mention" rel="nofollow noopener" target="_blank">@brett</a> <a href="https://infosec.exchange/@DarkWebInformer" class="u-url mention" rel="nofollow noopener" target="_blank">@DarkWebInformer</a> <a href="https://mastodon.social/@arstechnica" class="u-url mention" rel="nofollow noopener" target="_blank">@arstechnica</a> <a href="https://mastodon.social/@campuscodi" class="u-url mention" rel="nofollow noopener" target="_blank">@campuscodi</a> <a href="https://mastodon.social/@zackwhittaker" class="u-url mention" rel="nofollow noopener" target="_blank">@zackwhittaker</a>

Dissent Doe :cupofcoffee:Sébastien Raoult, aka "Sezyo," sentenced in federal court today; could be out in less than 11 months:<a href="https://www.databreaches.net/sebastien-raoult-sentenced-in-federal-court-could-be-out-in-less-than-11-months/" rel="nofollow noopener" translate="no" target="_blank">https://www.databreaches.net/sebastien-raoult-sentenced-in-federal-court-could-be-out-in-less-than-11-months/</a><a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#databreach</a> <a href="https://infosec.exchange/tags/phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#phishing</a> <a href="https://infosec.exchange/tags/Sawfish" class="mention hashtag" rel="nofollow noopener" target="_blank">#Sawfish</a> <a href="https://infosec.exchange/tags/ShinyHunters" class="mention hashtag" rel="nofollow noopener" target="_blank">#ShinyHunters</a> <a href="https://infosec.exchange/@BleepingComputer" class="u-url mention" rel="nofollow noopener" target="_blank">@BleepingComputer</a> <a href="https://ioc.exchange/@jgreig" class="u-url mention" rel="nofollow noopener" target="_blank">@jgreig</a>

Dissent Doe :cupofcoffee:The reincarnation of BreachForums: A cyberdrama in three acts<a href="https://www.databreaches.net/the-reincarnation-of-breachforums-a-cyberdrama-in-three-acts/" rel="nofollow noopener" target="_blank">https://www.databreaches.net/the-reincarnation-of-breachforums-a-cyberdrama-in-three-acts/</a><a href="https://infosec.exchange/tags/BreachForums" class="mention hashtag" rel="nofollow noopener" target="_blank">#BreachForums</a> <a href="https://infosec.exchange/tags/ShinyHunters" class="mention hashtag" rel="nofollow noopener" target="_blank">#ShinyHunters</a> <a href="https://infosec.exchange/tags/Exposed" class="mention hashtag" rel="nofollow noopener" target="_blank">#Exposed</a> <a href="https://infosec.exchange/@underthebreach" class="u-url mention" rel="nofollow noopener" target="_blank">@underthebreach</a> <a href="https://infosec.exchange/@vxunderground" class="u-url mention" rel="nofollow noopener" target="_blank">@vxunderground</a> <a href="https://mastodon.social/@campuscodi" class="u-url mention" rel="nofollow noopener" target="_blank">@campuscodi</a> <a href="https://infosec.exchange/@aj_vicens" class="u-url mention" rel="nofollow noopener" target="_blank">@aj_vicens</a> <a href="https://ioc.exchange/@jgreig" class="u-url mention" rel="nofollow noopener" target="_blank">@jgreig</a> <a href="https://infosec.exchange/@BleepingComputer" class="u-url mention" rel="nofollow noopener" target="_blank">@BleepingComputer</a>

Graham CluleyShinyHunters suspect extradited to United States from Morocco, could face 116 years in jail if convicted.Read more in my article on the Tripwire blog:<a href="https://www.tripwire.com/state-of-security/shinyhunters-suspect-extradited-united-states" rel="nofollow noopener" target="_blank">https://www.tripwire.com/state-of-security/shinyhunters-suspect-extradited-united-states</a><a href="https://mastodon.green/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://mastodon.green/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#hacking</a> <a href="https://mastodon.green/tags/databreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#databreach</a> <a href="https://mastodon.green/tags/extradition" class="mention hashtag" rel="nofollow noopener" target="_blank">#extradition</a> <a href="https://mastodon.green/tags/shinyhunters" class="mention hashtag" rel="nofollow noopener" target="_blank">#shinyhunters</a>

Recent searches

Search options

Administered by:

Server stats:

#shinyhunters