A cybercriminal is leaking sensitive data belonging to Weee! customers on an underground forum, which could be used for the purposes of identity theft.
BleepingComputer reported that earlier this week, a threat actor under the alias “IntelBroker” took to the Breached hacking forum and posted a thread stating that they’re leaking “a database of 11 million customers belonging to the Saywee”.
The database was allegedly stolen this month and contains plenty of sensitive information, such as full names, email addresses, phone numbers, the type of endpoint used to engage with the platform (PC, Android, or iOS), order notes, as well as other platform-specific data.
Payment data not exposed
The company later confirmed the theft of the data to the media, while researchers argued that the number of affected individuals is not as big as advertised in the forum thread.
Speaking to BleepingComputer, the company said: “We recently became aware of a data breach that has affected some customer information. We can confirm that no customer payment data was exposed as Weee! does not retain any customer payment information in our databases.”
“For customers that placed an order between July 12, 2021 and July 12, 2022, information such as name, address, email addresses, phone number, order number and order comments may have been impacted,” the company told the website.
“We have notified all customers of the issue and will be notifying all impacted customers individually if their information was exposed.”
At the same time, Troy Hunt from Have I Been Pwned, a website that tracks compromised email addresses, claims the database actually holds 1.1 million unique email addresses, and not 11. The remaining 9.9 million are most likely duplicates.
Weee! is a North American Asian and Hispanic grocery store, claiming to be the biggest of its kind in the country. It delivers food in 48 US states and has warehouses all over the nation.
Via: BleepingComputer (opens in new tab)