Cybersecurity experts and users alike are worried about a recent report that the hacking group ShinyHunters is offering more stolen data on the darknet marketplace in a concerning development. It has been reported that the group is attempting to sell four additional datasets following the sale of three large databases of compromised user information last week. Boulanger Electroménager & Multimédia, a long-established French retailer specialising in household appliances and multimedia products, has attempted to sell four additional databases. 

Since its establishment in 1954, Boulanger has operated a nationwide network of physical stores in addition to delivering goods across the country. As well as offering digital retail channels, the company offers a mobile application that has been downloaded more than one million times from both Google Play store and Apple's App store, demonstrating its broad consumer reach and ability to engage consumers digitally. 

Upon discovering the compromised data related to Boulanger through a forum post located on the open internet, cybersecurity researchers concluded that the breach was a consequence of cybercrime. The platform on which this message board is located is a well-known platform that distributes a wide variety of digital content, such as leaked databases, cracked software, and other illicit materials. 

Since the stolen information is available on such an easily accessible and public site, there are serious concerns that the customer data could be exposed to the public domain and misused if it were to be misused. In this respect, this discovery highlights the challenges that companies face when it comes to data protection, especially in the retail sector, where both online and offline companies operate at a large scale. As a result of the alleged exposure of these platforms, there are serious concerns raised about the privacy of users and the security measures that are in place at these companies. 

The exact nature and extent of the compromised information have not yet been publicly confirmed by all the affected organisations, but early reports suggest that this information could include email addresses, hashed passwords, as well as other personal information. Security researchers and organisations affected by the breaches continue to assess the full scope of the breaches, as the situation continues to unfold. Cyble made its disclosure to keep tabs on cybercrime forums and darknet marketplaces, where stolen data can often be bought and sold. 

A team of security researchers at Safety Detectives has confirmed the presence of sensitive customer information that was stolen from a French electronics retailer in 2024 and is currently available online for free distribution. By analysing some samples of the exposed data, researchers were able to verify its validity and trace its origins to Boulanger Electroménager & Multimédia, a well-established French retailer established in 1954. In addition to offering an extensive selection of household appliances and multimedia products through both physical stores as well as through its online platform, Boulanger also provides a variety of electronic products. 

There is a report that Safety Detectives discovered that leaked information was found in a public forum thread on Clearweb, where a user had posted two download links to the compromised database that contained the leaked information. One link was able to provide access to a 16GB unparsed dataset contained in a 16GB JSON file that was reportedly containing more than 27 million records. Using the second link, one could access a parsed version.SV file of around 500MB in size, which contained a subset of five million records contained in a subset. 

In both datasets, sensitive customer information appears, but the full scope and specific nature of the information exposed have not yet been disclosed, although it is believed they contain sensitive customer information. According to reports, Boulanger was targeted by a coordinated ransomware attack in September 2024 that affected several French retailers, including Truffaut and Cultura, as well as several well-known French brands.  It was the cyber threat actor known as Horrormar44 who claimed responsibility for the breach. 

At the time, the stolen data had been listed for sale on a separate, clear web forum, which is no longer available, for €2,000 as a price. It is unclear whether any transactions have successfully taken place, although there were some indications that potential buyers were interested. In recent times, the compromised data has resurfaced and is now being offered for free on another publicly accessible site. 

A careful analysis of the data revealed that there were just over a million unique customer records within the cleaned version of the dataset with a few instances of duplicate records. This number, which is significantly lower than the five million claimed by the original author of the post, suggests that the original listing may have been either exaggerated or inflated. 

There are still over a million verified customer entries in the system, which is still a significant data exposure incident, and it raises serious concerns about how retailers will handle and protect personal data over the long term. As a result of the fact that a significant amount of verified individual data is currently being circulated openly online, there has been an increasing concern about data security in the retail industry. 

Both the parsed as well as the raw versions of the data are available online, which implies that there was a deliberate intent to make the stolen information accessible to those who may misuse it. There are still investigations going on, and cybersecurity experts are calling upon affected individuals and organizations to take immediate precautions. As far as the hacking group ShinyHunters is concerned, it remains unclear whether they are directly responsible for the initial breaches, but they have been actively brokering the sale of multiple stolen databases. 

The cybersecurity firm ZeroFox has recently published a report that reveals ShinyHunters have been linked to a high-profile data breach that has affected Tokopedia, a major Indonesian e-commerce platform, with the claim that approximately 15 million users' records have been compromised. In addition to this, there has been some press coverage that indicates that this group has allegedly taken over 500 gigabytes of private Microsoft GitHub repositories to steal data. There is still a considerable amount of investigation to be conducted on this alleged breach, but a Microsoft spokesperson confirmed to Information Security Media Group that the company is aware of the claim and will be investigating it immediately. 

A number of large databases have been sold on darknet forums by ShinyHunters, an organization associated with this group. There is a database that costs $2,500, and is reportedly made up of around 8 million user records allegedly sourced from HomeChef, a meal delivery service. The dataset includes information that can be used to identify a user, including phone numbers, zip codes, email addresses, IP addresses, and passwords hashed using the Bcrypt algorithm, among other things. 

Additionally, it contains entries that include the last four digits of the Social Security numbers for users. A sample of this information can be found on a darknet marketplace by searching for the name "First Stage: HomeChef [8M]" One more database that is listed for $2,500 is said to contain 15 million records, allegedly the result of a breach of Chatbooks, which is a platform for creating photo books. Among the items in the dataset are email addresses, social media access tokens, passwords hashed using the SHA-512 algorithm, as well as other personally identifiable information. 

ShinyHunters is also promoting the purchase of a third database allegedly containing 3 million records that were allegedly sourced from an incident at The Chronicle of Higher Education. Despite the fact that ZeroFox does not know what type of data is included in this set, which is priced at $1,500, there has been no mention of sample or specifics.

In light of these ongoing sales, ShinyHunters demonstrates the magnitude and sophistication of data trafficking operations connected to ShinyHunters and reinforces the urgent need for stronger security measures, especially among high-profile organisations and digital platforms. Leaked user data linked to ShinyHunters and similar threat actors is becoming increasingly available and more accessible, which is indicative of the troubling escalation of cybersecurity threats worldwide. 

There are many risks associated with the open sale of sensitive information, even free sharing of sensitive data on both the darknet and clearweb platforms. As a result, the risks to individuals and organisations have increased in recent years. Cyber threats are no longer just a threat to the corporate world; they affect every industry and location equally. The security professionals in the industry suggest that businesses prioritise proactive defence strategies, such as data encryption, continuous security audits, employee training, and protocols for responding to breaches as soon as possible. 

A consumer's vigilance is equally important, as is regularly updating their passwords, activating multi-factor authentication, and monitoring their identities for signs of identity misuse. In an increasingly vulnerable digital environment, this is the most important protection. It is becoming increasingly apparent that investigations will continue into these incidents, underscoring the urgent need for a coordinated, resilient and national approach to data security.