Over a million Weee! customers have had their data breached
>
A cybercriminal leaks sensitive data from Weee! customers on an underground forum, which could be used for identity theft.
BleepingComputer reported that earlier this week, a threat actor under the alias “IntelBroker” took to the hacking forum Breached and posted a thread saying they were leaking “a database of 11 million customers of the Saywee.”
The database was allegedly stolen this month and contains a lot of sensitive information such as full names, email addresses, phone numbers, the type of endpoint used to contact the platform (PC, Android or iOS), order notes and other platform-specific data.
Payment details not visible
The company later confirmed the theft of the data to the media, while investigators claimed that the number of people affected is not as large as advertised in the forum thread.
Speaking to BleepingComputer, the company said, “We recently became aware of a data breach that compromised certain customer data. We can confirm that no customer payment information has been released as Weee! does not maintain any customer payment information in our databases.”
“For customers who placed an order between July 12, 2021 and July 12, 2022, information such as name, address, email addresses, phone number, order number and order notes may have been affected,” the company told the website.
“We have notified all customers of the issue and will notify all affected customers individually if their information has become public.”
At the same time, Troy Hunt of Have I Been Pwned, a website that tracks compromised email addresses, claims that the database actually contains 1.1 million unique email addresses, not 11. The remaining 9.9 million are most likely duplicates.
Woe! is a North American Asian and Hispanic grocery store, claiming to be the largest of its kind in the country. It delivers food in 48 US states and has warehouses across the country.
Through: Beeping computer (opens in new tab)