ShinyHunters hackers have taken responsibility for three high-profile data breaches involving Neiman Marcus, Truist Bank, and Twilio Authy, compromising personal details of millions of users and tens of thousands of employees.
The infamous ShinyHunters hacking group, known for their recent Ticketmaster data breach, has struck again with a series of new attacks. This time, they have targeted Neiman Marcus, a renowned American luxury department store chain based in Dallas, Texas; Truist Financial Corporation, a major bank holding company headquartered in Charlotte, North Carolina; and extracted 33 million phone numbers from Twilio’s Authy service.
Neiman Marcus Data Breach
On Thursday, June 27, 2024, ShinyHunters leaked the Neiman Marcus database on the Breach Forums cybercrime platform. In their post, the hackers criticized Neiman Marcus for not paying a “small fee for deletion” of the database, referencing the common ransom tactic of “pay to have the data deleted or don’t pay and face a leak.
“Neiman Marcus didn’t pay the small fee for deletion, hiding behind legal terms they invented; so we decided Neiman Marcus can pay $200 million in fines instead, we are giving for free the hottest base (of the hour).”
ShinyHunters
As seen by Hackread.com, the leaked Neiman Marcus database contains personal data of over 40 million customers, including 29.7 million unique email addresses. The compromised data includes the following information:
- Full names
- IP addresses
- Dates of birth
- phone numbers
- Payment histories
- Account balances
- Payment card data
- payment methods
- physical addresses
- Browser user agent details
- Gift cards numbers (without PINs)
and a lot more…
In a data breach notification submitted to the Office of the Attorney General of the state of Maine, Neiman Marcus acknowledged the incident and held Snowflake, a third-party cloud computing-based data company, responsible. According to the notification, the data breach occurred between April and May 2024, and the affected customers were notified on June 24, 2024.
Truist Bank Employee Database
On Thursday, June 27, 2024, ShinyHunters leaked another database on Breach Forums, this time belonging to Truist Bank or Truist Financial Corporation, an American bank holding company headquartered in Charlotte, North Carolina.
It is important to note that the database contains only employee information; no customers were impacted. According to the hacker group, the data breach occurred in October 2023 and the database included 79,000 unique email addresses of the bank’s employees. Other data included in the leak consists of the following:
- Job titles
- Full names
- Dates of birth
- phone numbers
- Account balances
- Partial credit card data
And more…
Like Neiman Marcus, Truist Bank also acknowledged the breach. The company released the following statement:
“In October 2023, we experienced a cybersecurity incident that was quickly contained…In partnership with outside security consultants, we conducted a thorough investigation, took additional measures to secure our systems, and notified a small number of clients last Fall.”
However, this is not the first time that Truist Bank suffered a data breach. In December 2021, the company confirmed a security incident in which hackers managed to steal customer names and other personal identifier in combination including Social Security Number (SSNs).
Twilio Authy Phone Numbers
On Thursday, June 27, 2024, ShinyHunters leaked yet another set of data. This time, it involved 33 million phone numbers belonging to Twilio Authy, a two-factor authentication (2FA) service provided through a free mobile app.
In response to the group’s claims, on July 1, 2024, Twilio acknowledged that threat actors were able to access data associated with Authy accounts, including phone numbers, due to an unauthenticated endpoint. However, the company stated that there is no evidence the hackers obtained access to Twilio’s systems or other sensitive data.
Twilio is urging users to update their Twilio Authy app on iOS and Android to the latest version. The American cloud communications giant is also advising users to be vigilant for smishing (SMS phishing) and phishing attacks.
Nevertheless, all three data leaks put unsuspecting users and employees at risk of various cybersecurity and physical threats. Users and employees of Twilio, Neiman Marcus, and Truist Bank should change their passwords on all services, enable 2FA through another service, and remain vigilant for malicious emails and social media-related scams targeting them.
