The ShinyHunters hacking group has once again made headlines by claiming responsibility for a series of high-profile data breaches affecting Neiman Marcus, Truist Bank, and Twilio Authy. These breaches have resulted in the exposure of personal information belonging to millions of users and tens of thousands of employees.
The first target of the hackers was Neiman Marcus, a prestigious American luxury department store chain based in Dallas, Texas. The hackers leaked the Neiman Marcus database on the Breach Forums cybercrime platform, criticizing the company for not paying a “small fee for deletion.” The leaked database contained personal data of over 40 million customers, including email addresses, dates of birth, payment histories, and more. Neiman Marcus confirmed the breach and attributed it to a third-party cloud computing company.
The second breach involved Truist Bank, a major bank holding company headquartered in Charlotte, North Carolina. The hackers leaked a database containing employee information, including email addresses, job titles, and account balances. Truist Bank acknowledged the breach, stating that it had experienced a cybersecurity incident in October 2023, leading to the exposure of employee data. This incident marked the second data breach for Truist Bank, following a security breach in December 2021.
In the third breach, the hackers exposed 33 million phone numbers belonging to Twilio Authy, a two-factor authentication service. Twilio confirmed the breach and noted that threat actors had accessed data associated with Authy accounts through an unauthenticated endpoint. The company advised users to update their Authy app and remain vigilant for phishing attacks.
The repercussions of these data breaches extend beyond just exposure of personal information. Users and employees of the affected companies are urged to change their passwords, enable 2FA on other services, and be cautious of potential cyber threats. These breaches highlight the importance of maintaining strong cybersecurity measures and staying informed about potential risks in the digital landscape.
The prevalence of data breaches orchestrated by hacking groups like ShinyHunters underscores the ongoing threat posed by cybercriminals to organizations and individuals worldwide. As technology continues to advance, it is imperative for companies to prioritize cybersecurity efforts and for users to remain vigilant in protecting their personal information online.