Millions of MyDeal users have data sold online after breach
>
Australian retail marketplace MyDeal has confirmed it has suffered a data breach that has affected more than two million of its customers.
The company contacted all affected customers to explain the incident and said an unknown attacker had compromised its systems and had access to customer identity data.
According to BleepingComputer (opens in new tab)does the threat actor have the credentials for MyDeal’s Customer Relationship Management (CRM (opens in new tab)) platform and used it to extract sensitive data from approximately 2.2 million users.
MyDeal data sold
That data includes names, email addresses, phone numbers, postal addresses and, for some, dates of birth. For a smaller subset of users (1.2 million), the hackers only managed to obtain email addresses.
While details about the culprits are scarce, it’s clear what they’re doing with the data: They’re trying to sell on an underground forum for $600.
According to the company, the number of entries in the database, which is still being parsed by the attacker, currently stands at over a million, and the number is expected to rise.
To prove the authenticity of the attack, the attackers posted screenshots of MyDeal’s Confluence servers, as well as the Single Sign-On (SSO) prompt for his account with Amazon Web Services (AWS). (opens in new tab)).
MyDeal also said the attackers did not obtain any payment information, identification documents or passwords. Still, it suggests that users reset their passwords anyway. Such an attack would not have been prevented even with the best password managers.
MyDeal is an Australian retail marketplace that aims to connect local retailers with potential shoppers.
It was acquired by Woolworths in September 2022, but the supermarket chain claims its systems are on a different platform and thus are completely safe from the attackers.
While scammers may not have been given payment details or passwords, they still have enough information for identity theft (opens in new tab) or phishing attacks, so users are urged to remain vigilant.