Extortion Campaign Targeting Online Shops Threatens to Sell Customer Database Unless Ransom is Paid
Cyber thieves are putting up for sale on a public website more than two dozen SQL databases of e-commerce platforms from across the globe.
The unnamed hackers breached unsecure servers of multiple online shops, copied their content and left a ransom note:
“To recover your lost Database and avoid leaking it: Send us 0.06 Bitcoin (BTC) to our Bitcoin address xxxxxxxYHxxxxxxx and contact us by Email with your Server UP or Domain name and a Proof of Payment. If you are unsure if we have your data, contact us and we will send you a proof. Your Database is downloaded and backed up on our servers. Backups that we have right now: xxxx, classic models, xxxx, if we dont receive your payment in the next 10 Days, we will make your database public or use them otherwise”.
According to Bleeping Computer, some of the wallets used by the bad actors have already received a combined total of BTC 5.8 (about $51,000) in about 100 transactions.
In total, 31 databases are listed, and more than half are attributed to German-based online stores. However, multiple e-commerce platforms from the U.S., Brazil, Italy, Spain and India are also listed.
Depending on the retailer, the databases contain various inputs of personal data belonging to customers, including: email addresses, names, hashed passwords, dates of birth, gender and postal code.
Check now if your personal info has been stolen or made public on the internet, with Bitdefender”s Digital Identity Protection tool.
While these databases might not stand out in value, the information can be used to conduct targeted phishing attacks on unsuspecting customers, and resold to multiple parties that could further leverage the data for financial gain.
Perhaps, following this extortion campaign, online vendors will start improving their security and server protection to prevent further attacks and keep customer data protected from unauthorized access.
Hackers are resilient in their attempts to capitalize on stolen data, and even if a vendor chooses to pay the “ransom”, it does not guarantee that the bad actors will cease their extortion campaign.
Ultimate Privacy Guide for Your Facebook Account
August 31, 2021
7 Signs It’s Time to Use Parental Controls On Your Family’s Devices
August 27, 2021
Your Netflix Account May Be on Sale on Darkweb. Protect It
August 13, 2021
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US
July 16, 2021
How to protect yourself against cyberstalking
July 06, 2021
FOLLOW US ON
You might also like
September 28, 2021