Star Tribune data leaked for free on dark web

Cybercriminals leaked 1 million Star Tribune users’ data on a popular Russian hacking forum. The data leak follows a reported hack in early May 2020, in which the Star Tribune, along with 10 other companies, had their systems breached by a hacking group known as Shiny Hunters.

Fortunately for the Star Tribune and its users, and unfortunately for the hacking group, Star Tribune had already hashed their users' passwords with a very strong algorithm known as bcrypt. 

This may be the reason that the data is being leaked for free. A request for comment from the Star Tribune was not returned by time of publishing.

Along with Star Tribune user data, the cybercriminal is also leaking Minted.com user data. Minted.com is a design marketplace for independent artists.

To see if your email address has been exposed in this or other security breaches, use our personal data leak checker.

The Star Tribune data being leaked

Star Tribune is Minnesota’s largest newspaper, with a daily circulation of 184,000. Founded in 1867, its journalists have won multiple Pulitzer Prizes. 

Some of the data that is contained in the file includes:

• Email address
• Username
• Hashed passwords
• Names
• Birthdates
• Addresses
• Phone numbers

The data was being made available in a 900-megabyte SQL file. 

The fact that the Star Tribune was hacked in the first place points to a fault in their online systems. However, the good news here is that the passwords are in bcrypt format, which is a strong hashing algorithm and often highly recommended. Hashing algorithms like bcrypt take plain text passwords and turn them into a complicated combination of characters.

Minted.com data leaked

The same leaker also gave away hacked data from Minted.com, a marketplace for independent artists. This forum post appears to show that the data is from a February 2020 hack. The hack by the Shiny Hunters group was reported at the end of May 2020, where it reportedly sold 5 million users' data.

This leak includes similar types of data to the Star Tribune leak:

• Names
• Email address
• Username
• Hashed passwords
• Birthdates
• Addresses
• Phone numbers

Again, the passwords seem to have been hashed with the bcrypt algorithm.

The Shiny Hunters hack

This May, a hacking group that goes by the name Shiny Hunters started flooding dark web marketplaces with offers to sell multiple databases containing a total of 73.2 million user records from 11 different companies. Star Tribune was one of the companies affected by this attack.

The hacking group was selling the databases from the various companies for $1,500-$5,000, or $18,000 in total for all databases. It is unclear how the hack took place or who may have purchased them. It is likely that the cybercriminals were unable to sell the database.

Steve Yaeger, Vice President and Chief Marketing Officer for Star Tribune said in May: “We haven’t been able to verify that it happened, but we’re acting though it has. The information that the hackers alleged to have accessed is simply used by our subscribers to log on to startribune.com and read the news.”

The newspaper’s coverage of the hack provided users with some useful advice:

1. Users should update their passwords on Star Tribune’s website
2. If the same email address and password combinations are for other accounts, users should change those immediately. Using a password manager to create complex passwords is highly recommended
3. Users should beware of suspicious emails, and not respond to any messages claiming to have their data