Share this article on:
An online retailer of vaping products is the alleged subject of a leak post on a clear web hacking forum.
A user on a clear web hacking forum has posted the details of a data leak they are claiming belongs to online retailer Aussie Vapes.
The hacker, who goes by the name zxcv16, claims to have an Excel spreadsheet with the details of 668,200 Aussie Vapes customers, including names, email and physical addresses, phone numbers, date of birth, and gender.
It is unknown what the poster is selling the data for, as that information is obfuscated for basic users of the forum.
The post also includes a brief list of sample datasets of 10 customers to prove that the hack is genuine, and all the details do appear legitimate. They also all have another leak in common – every one of the emails listed was part of last year’s Dymocks data breach.
This could mean several things. The simplest explanation is that if these are Aussie Vapes customers, it’s entirely possible this apparently random selection of vaping enthusiasts may be book lovers as well. However, it could also signal that this leak is not what it appears to be and is a somewhat cut-down version of the Dymocks leak being rebranded as something new and fresh.
The Dymocks breach occurred in September 2023 and affected 1.2 million customers, including 836,000 emails. Other data impacted in the breach were names, addresses, and phone numbers, as well as gender – all the same fields included in this Aussie Vapes leak.
It’s worth noting that to sign up to buy products from Aussie Vapes customers are required to complete registration and leave some personal information – but the store does not ask its customer’s gender as part of the process.
Cyber Daily has contacted Aussie Vapes for comment.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.