iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
The personal data of nearly 10,000 customers of an online retailer is up for sale on a popular hacking forum.
A spokesperson for the online retailer SnatchDeal has confirmed the company is aware of a data breach impacting 9,600 of its customers.
The customers’ details were posted for sale on a popular clear web hacking forum on 26 July by a user called lXXXl.
The apparent hacker did not offer much editorial on the data, noting only what data was included in the leak: Bill-to name, ship-to name, billing address, shipping address, shipping information, customer email, payment method, and risk assessment.
The “risk assessment” data appears to refer to data collected by FraudLabs Pro, an “advanced fraud prevention solution” designed to protect businesses from payment fraud. This data is quite extensive, with dozens of fields monitoring where the customer is purchasing from, how they’re paying, and if they may be accessing a site with a device infected by malware.
Much of the data is fields of numeric values that have no relation to personal data. However, the risk assessment information also includes the customers’ ISP and IP address, mobile connection information, and whether or not a connection is prepaid or not.
Other data included payment type and the version of FraudLabs Pro being used by SnatchDeal.
Cyber Daily confirmed the user emails belonged to valid accounts on the SnatchDeal website and contacted the retailer.
A spokesperson said the company was aware of the data breach, it had been “dealt with” and that all user passwords had been reset.
SnatchDeal declined to offer a written comment, however, and did not confirm whether its customers were aware of the incident.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
