A hack-and-extort campaign targets poorly secured databases of customer information that can be used for further attacks
Customer databases have been stolen from a number of e-commerce websites on multiple continents. An unknown seller is offering at least 1.62 million rows of personal information for sale on a public website. The online stores, based in Germany, the United States, Brazil, Italy, India, Spain and Belarus, have also received ransom notes in which the cybercriminals threaten to disclose the data if the retailers fail to pay within 10 days.
According to BleepingComputer, which broke the story and listed some of the hacked retailers, the loot may be far larger than what has been offered for sale. The stolen information varies depending on the retailer and includes email addresses, hashed passwords, mailing addresses, gender, and date of birth.
Cybercriminals can use this personally identifiable information (PII) for all types of nefarious activities, including identity theft or targeted phishing attacks. The least you can do as a customer is to change your password on the affected websites and watch for suspicious emails.
It remains unclear who the thieves are, but apparently they are targeting unsecured or poorly secured servers that can be found on the public Internet. They have copied the stores' SQL databases and are now demanding a ransom of 0.06 bitcoin (currently around $537) within 10 days; otherwise they will publish the data or use it at their discretion.
The attackers also offer unspecified evidence, which could be assumed to be a sample of the data. Some of the stores may have taken their word for it, as the hackers' BTC wallets recently registered transactions of 5.8 bitcoin (around $52,000).
Speaking of which, paying the ransom to a cybercriminal can prove to be a leap of faith, because you can't know whether he'll resell your data even if he returns it. Ransomware victims may face a dilemma similar to that described in this article.
BleepingComputer estimates that around 31 stolen databases have been put up for sale. Based on the number of abuse reports filed against the hackers' Bitcoin addresses, the website believes this is only a fraction of the total. The latest database is from March, and each listing contains a sample of the data so potential buyers can check the goods.
Given the wealth of personal information they may store about their customers, e-commerce websites are an attractive target for bad actors. Hack-and-extort campaigns are by no means a novel approach, and high-profile incidents have affected well-known names in the entertainment industry, including HBO in 2017. A few days ago, an entertainment law firm fell victim to a similar attack.
Amer Owaida May 26, 2020 – 8:44 pm