Shiny Hunters hacking group breach Home Chef database

The Shiny Hunters hacking group is quickly making a name for itself. In just a span of a couple of months, they have managed to breach large companies like Microsoft with the intent of obtaining sensitive data. As the adage says, there’s no rest for the wicked, and Shiny Hunters are back in the news for another data breach. This time, the company involved is a meal-prep delivery service called Home Chef. With the COVID-19 pandemic changing how many obtain groceries, meal-prep services have become a major hub for many. Home Chef is owned by Kroger, the largest U.S. supermarket operator.

On a dedicated webpage for customers, Home Chef reported that there had been a large data breach. They specifically stated the following:

We recently learned of a data security incident impacting select customer information... Based on the information known to date, the following information was impacted... Email address, name and phone number... Encrypted passwords... The last four digits of credit card numbers... Other account information such as frequency of deliveries and mailing address may also have been compromised.

Home Chef did not mention any specifics regarding the breach, but cybersecurity researchers were able to make some headway on their own. As reported by Bleeping Computer, Shiny Hunters were uncovered to be culprits thanks to a monetized data dump on a dark web forum. The data dump was a cluster of databases belonging to 11 different companies, including Home Chef. Shiny Hunters was charging $2,500 for the database, which was purported to have 8 million records of “a user’s email, encrypted password, last four digits of their credit card, gender, age, subscription information, and more.”

It is not confirmed at this time how Shiny Hunters gained access to Home Chef, but some experts have theories at least explaining why they were targeted. In an interview with Tara Seals of Kaspersky Lab’s Threatpost, James Carder, chief security officer and vice president of LogRhythm, stated the following:

Home Chef is one of the key players in the multibillion-dollar meal-kit delivery industry and is owned by one of the biggest supermarket retailers, Kroger... A company of this size must take responsibility for ensuring that sufficient security measures are in place to protect customer data and rapidly respond to cyberthreats. This is especially true now, as demand for deliver services continues to grow amid the coronavirus crisis. All companies in this sector must not falsely assume that they are immune to attack just because they have become an essential service to help people during a challenging time.

This is not, unfortunately, the last time Shiny Hunters will strike if their M.O. is anything to go by. Should they strike again, TechGenix will keep you informed.

Featured image: Shutterstock

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.

Share
Published by
Derek Kortepeter

Recent Posts

Review: Identity verification solution Specops Secure Service Desk

Specops Secure Service Desk is an innovative solution for positively identifying a user who calls…

4 hours ago

Apple Silicon: What it means for the world of personal computing

Apple is moving away from Intel processors to use its own Apple Silicon processors to…

7 hours ago

RAID 0 vs. RAID 1: When to use each level and why

Two of the most popular RAID levels for improving performance are RAID 0 and RAID…

10 hours ago

Got cybersecurity tools? Good. Got too many? That may be a problem

Strength in numbers may not apply to cybersecurity tools. In fact, using too many tools…

1 day ago

Getting started with System Center Operations Manager

System Center Operations Manager can monitor your IT resources, but the tool is only as…

1 day ago

Microsoft 365 administration: Creating DNS records for email security

Microsoft 365 administration has many facets, but none is more important than configuring email. Here’s…

1 day ago