Crooks threaten to leak customer data stolen from e‑commerce sites

Crooks threaten to leak customer data stolen from e‑commerce sites

A hack-and-extort campaign takes aim at poorly secured databases replete with customer information that can be exploited for further attacks



A number of e-commerce websites from multiple continents have had their customer databases stolen as an unknown seller is offering at least 1.62 million rows of personal records for sale on a public website. The online stores – based in Germany, the United States, Brazil, Italy, India, Spain, and Belarus – have also received ransom notes, with the cybercriminals threatening to release the data if the retailers don’t pay up within 10 days.


According to BleepingComputer – which broke the story and listed some of the hacked merchants – the loot may actually be far larger than what has been put up for sale. The siphoned information varies depending on the ransacked retailer and includes email addresses, hashed passwords, postal addresses, gender and dates of birth.


Cybercriminals can use this Personally Identifiable Information (PII) for all manner of nefarious activities, including identity theft or targeted phishing attacks. The least you as a customer can do is to change your password on the site(s) and keep an eye out for suspicious emails.


It remains unclear who the thieves are, but apparently they targeted unsecured or ill-secured servers that can be found on the public web. They copied the stores’ SQL databases and now demand a ransom of 0.06 bitcoin (some US$537 at today’s rate) within 10 days on pain of publishing or using the data as they see fit.


The attackers also offer unspecified proof, which one might assume is ..

Support the originator by clicking the read the rest link below.