A hacker group, known online as Team GhostShell, claims it successfully hacked over 300 websites and has posted over 13,000 users’ personal details online.
The Ghostshell hackers claimed responsibility for the cyber crime wave by posting a series of tweets containing the victim sites’ URLs and links to data dumps containing the alleged user information.
The victim sites came from a variety of locations and backgrounds, ranging from educational institutions in Australia to Korean music services.
The group still appears to be sporadically updating the list of hacked sites on its Twitter feed, meaning the full extent of the alleged hacking spree remains unknown.
Symantec engineers said, if the GhostShell team’s claims are true, the end number of victims will likely range in the millions, in a threat advisory on the attacks.
“Reports say that the data dumps reveal compromised account details numbering in the thousands at the lower estimate; however, this number is probably much higher,” read the advisory.
Leaked personally identifiable information varied site by site, but included everything from victims’ email addresses, usernames, physical addresses, telephone numbers, Skype names and dates of birth.
It is currently unclear if the group’s claims are true. Business Insider contacted a number of the leaked email addresses to try and confirm the breach, but had not received replies at the time of publishing.
However, GhostShell’s past activities lend credence to the claim. The group was mainly active in 2012, and has claimed responsibility for a series of high profile strikes.
In October 2012 the group claimed responsibility for a series of strikes on the world’s top 100 universities.
The attacks saw the Ghostshell group post 120,000 students’ information online and were designed to protest against tuition fees and the alleged “falling quality of education.”
Team Ghostshell later dumped 1.6 million accounts and records from numerous US government departments including ESA, NASA, Pentagon, Federal Reserve and the FBI in December the same year.
It is currently unclear why GhostShell re-emerged to target a seemingly random collection of websites.
However, the Symantec researchers said the varied victim base indicates the GhostShell attacks were intended as a public display to remind the security community they are still active.
“From first appearances, the recently released list of hacked websites seems to be random and there is no indication that any particular country or sector is being targeted. The group is more than likely hacking websites that are vulnerable,” read the threat advisory.
GhostShell also took the time to call out the security firm FireEye in one of its tweets, adding further credence to Symantec’s theory the attacks are a PR stunt.
FireEye is a targeted attack specialist firm that has helped uncover and investigate numerous high profile attacks, including the famous 2014 Sony breach.
The Sony attack occurred in 2014 and saw hackers, believed to stem from North Korea, leak vast amounts of Sony Entertainment Pictures internal data online.