A group of hackers listed the trove of data for sale on two separate online forums on November 26th and 27th, 2022. The exposed data includes people’s contact information and shipment details.
We assume the group potentially breached a single point of failure in a software provider to gain unauthorized access to a supply chain of different logistics companies, exfiltrating a range of personal data and shipping records in the process. This theory would explain the wide range of companies exposed.
According to the posts, visitors could buy a dataset of customer and employee information, taken from one of the leaked companies, for the price of 1 BTC (equivalent to around US$17,000 at the time of writing). Interestingly, graphics accompanying each of the hackers’ posts suggested the databases were part of a Black Friday sale.
The group listed 1.1 million records for sale in total. They only shared a small sample of data in the forum. As such, our researchers could not accurately determine whether each exposed record affects 1 person, or whether more or less than 1.1 million individuals are impacted by this breach. Note that we only analyzed sample files to verify the data in accordance with ethical standards and our data privacy rules.
You can see the posts, featuring lists of the companies affected, in the screenshots below. The group of hackers also posted screenshots that revealed the type of data exposed in the breach.
Employees’ exposed data included:
Full names
Addresses*
Phone numbers
*We’re uncertain whether exposed employee addresses are home or work addresses.
Customers’ exposed data included:
Full names
Shipping details (incl. sender’s address, receiver’s address, phone numbers, no. of packages, and more)
You can see evidence of datasets containing customers’ and employees’ information below.
Notably, some Israeli delivery companies suffered cyberattacks in recent days. According to the Israeli government’s cyber bodies, Iranian actors potentially caused these other attacks. However, we don’t know if these other incidents are linked to the data we found online.
Potential Impacts
Criminals could use shipping records to intercept valuable packages, and threaten, trick, or blackmail courier employees into handing them over. Cybercriminals could also use personal details like full names, addresses, and contact information to target people with phishing attacks and scams.
What Should You Do if You Think You’re Affected?
You may want to take some steps to protect yourself if you’ve used one of the compromised logistics services, or you fear that your data has been leaked. You should ignore any suspicious SMS messages and calls and avoid providing personal information over the phone. Only give out your personal data to a trusted source for a legitimate reason. To avoid falling victim to attacks, educate yourself about phishing attacks, scams, malware, and other forms of cybercrime.
What Are Unethical Hackers Sharing Online and Why Should You Care?
While we’ve grown accustomed to discovering data breaches in Telegram groups and darknet forums, sometimes hackers hide in plain sight. Hackers communicate with one another through the clearnet to share information, organize cyberattacks, and talk about data breaches. Hackers use anonymous forums and text channels to post about cyberattacks and data breaches, often long before the incidents are publicly known. Our cybersecurity researchers scour these online spaces to find out about the latest data leaks. By reporting on them, we’re able to inform potentially affected parties earlier so that they can act quickly to protect their data.