Cybernews
  • News
  • Editorial
  • Security
  • Privacy
    • What is a VPN?
    • What is malware?
    • How safe are password managers?
    • Are VPNs legal?
    • More resources
    • Strong password generator
    • Personal data leak checker
    • Antivirus software
    • Best VPN services
    • Password managers
    • Secure email providers
    • Best website builders
    • Best web hosting services
  • Follow
    • Twitter
    • Facebook
    • YouTube
    • Linkedin
    • Flipboard
    • Newsletter

© 2021 CyberNews - Latest tech news, product reviews, and analyses.

Our readers help us create quality content. If you purchase via links on our site, we may receive affiliate commissions. Learn more

Home » Security » Star Tribune data leaked for free on dark web

Star Tribune data leaked for free on dark web

by Bernard Meyer
29 October 2020
in Security
0
Star Tribune data leaked for free on Russian hacking forum
29
SHARES

Cybercriminals leaked 1 million Star Tribune users’ data on a popular Russian hacking forum. The data leak follows a reported hack in early May 2020, in which the Star Tribune, along with 10 other companies, had their systems breached by a hacking group known as Shiny Hunters.

Hackers claim to have stolen 73.2 million user records from 10 businesses, including 1 million from the Star Tribune, which it is now attempting to sell on the dark web. https://t.co/u2wyJSwVs7

— Star Tribune (@StarTribune) May 11, 2020

Fortunately for the Star Tribune and its users, and unfortunately for the hacking group, Star Tribune had already hashed their users’ passwords with a very strong algorithm known as bcrypt. 

This may be the reason that the data is being leaked for free. A request for comment from the Star Tribune was not returned by time of publishing.

Along with Star Tribune user data, the cybercriminal is also leaking Minted.com user data. Minted.com is a design marketplace for independent artists.

To see if your email address has been exposed in this or other security breaches, use our personal data leak checker.

The Star Tribune data being leaked

Star Tribune is Minnesota’s largest newspaper, with a daily circulation of 184,000. Founded in 1867, its journalists have won multiple Pulitzer Prizes. 

Some of the data that is contained in the file includes:

  • Email address
  • Username
  • Hashed passwords
  • Names
  • Birthdates
  • Addresses
  • Phone numbers

The data was being made available in a 900-megabyte SQL file. 

The fact that the Star Tribune was hacked in the first place points to a fault in their online systems. However, the good news here is that the passwords are in bcrypt format, which is a strong hashing algorithm and often highly recommended. Hashing algorithms like bcrypt take plain text passwords and turn them into a complicated combination of characters.

Minted.com data leaked

The same leaker also gave away hacked data from Minted.com, a marketplace for independent artists. This forum post appears to show that the data is from a February 2020 hack. The hack by the Shiny Hunters group was reported at the end of May 2020, where it reportedly sold 5 million users’ data.

This leak includes similar types of data to the Star Tribune leak:

  • Names
  • Email address
  • Username
  • Hashed passwords
  • Birthdates
  • Addresses
  • Phone numbers

Again, the passwords seem to have been hashed with the bcrypt algorithm.

The Shiny Hunters hack

This May, a hacking group that goes by the name Shiny Hunters started flooding dark web marketplaces with offers to sell multiple databases containing a total of 73.2 million user records from 11 different companies. Star Tribune was one of the companies affected by this attack.

The hacking group was selling the databases from the various companies for $1,500-$5,000, or $18,000 in total for all databases. It is unclear how the hack took place or who may have purchased them. It is likely that the cybercriminals were unable to sell the database.

Steve Yaeger, Vice President and Chief Marketing Officer for Star Tribune said in May: “We haven’t been able to verify that it happened, but we’re acting though it has. The information that the hackers alleged to have accessed is simply used by our subscribers to log on to startribune.com and read the news.”

The newspaper’s coverage of the hack provided users with some useful advice:

  1. Users should update their passwords on Star Tribune’s website
  2. If the same email address and password combinations are for other accounts, users should change those immediately. Using a password manager to create complex passwords is highly recommended
  3. Users should beware of suspicious emails, and not respond to any messages claiming to have their data
Share29TweetShareShare
Next Post

Vandana Verma: why do we need psychologists in infosecurity?

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

Editor's choice

One of the biggest Android VPNs hacked? Data of 21 million users from 3 Android VPNs put for sale online
Security

One of the biggest Android VPNs hacked? Data of 21 million users from 3 Android VPNs put for sale online

by CyberNews Team
26 February 2021
4

A user on a popular hacker forum is selling three databases that purportedly contain user credentials and device data stolen...

Read more
A blast from the past: the finest retro PCs people use

A blast from the past: the finest retro PCs people use

26 February 2021
How this IMDb flaw gave me credit for working on Chernobyl, GOT, and other gigs

How this IMDb flaw gave me credit for working on Chernobyl, GOT, and other gigs

25 February 2021
Forget Bruce Willis. AI will protect us from killer asteroids instead

Forget Bruce Willis. AI will protect us from killer asteroids instead

24 February 2021
COMb data leak - Mother of all breaches

COMB: largest breach of all time leaked online with 3.2 billion records

12 February 2021
  • Categories
    • News
    • Editorial
    • Security
    • Privacy
  • Reviews
    • Antivirus Software
    • Password Managers
    • Best VPN Services
    • Secure Email Providers
    • Website Builders
    • Best web hosting services
  • Tools
    • Password generator
    • Personal data leak checker
  • Engage
    • About Us
    • Send Us a Tip
    • Careers
  • Twitter
  • Facebook
  • YouTube
  • Linkedin
  • Flipboard
  • Newsletter
  • About Us
  • Contact
  • Send Us a Tip
  • Privacy Policy
  • Terms & Conditions
  • Vulnerability Disclosure

© 2021 CyberNews - Latest tech news, product reviews, and analyses.

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.

Home

News

Editorial

Security

Privacy

Resources

  • About Us
  • Contact
  • Careers
  • Send Us a Tip

© 2020 CyberNews – Latest tech news, product reviews, and analyses.

Subscribe for Security Tips and CyberNews Updates
Email address is required. Provided email address is not valid. You have been successfully subscribed to our newsletter!