Over a million Weee! customers have had their data breached

Data Breach
(Image credit: Shutterstock)

A cybercriminal is leaking sensitive data belonging to Weee! customers on an underground forum, which could be used for the purposes of identity theft.

BleepingComputer reported that earlier this week, a threat actor under the alias “IntelBroker” took to the Breached hacking forum and posted a thread stating that they’re leaking “a database of 11 million customers belonging to the Saywee”. 

The database was allegedly stolen this month and contains plenty of sensitive information, such as full names, email addresses, phone numbers, the type of endpoint used to engage with the platform (PC, Android, or iOS), order notes, as well as other platform-specific data.

TechRadar Pro needs you!
We want to build a better website for our readers, and we need your help! You can do your bit by filling out our survey and telling us your opinions and views about the tech industry in 2023. It will only take a few minutes and all your answers will be anonymous and confidential. Thank you again for helping us make TechRadar Pro even better.

D. Athow, Managing Editor

Payment data not exposed

The company later confirmed the theft of the data to the media, while researchers argued that the number of affected individuals is not as big as advertised in the forum thread.

Speaking to BleepingComputer, the company said: "We recently became aware of a data breach that has affected some customer information. We can confirm that no customer payment data was exposed as Weee! does not retain any customer payment information in our databases." 

"For customers that placed an order between July 12, 2021 and July 12, 2022, information such as name, address, email addresses, phone number, order number and order comments may have been impacted," the company told the website.

"We have notified all customers of the issue and will be notifying all impacted customers individually if their information was exposed."

At the same time, Troy Hunt from Have I Been Pwned, a website that tracks compromised email addresses, claims the database actually holds 1.1 million unique email addresses, and not 11. The remaining 9.9 million are most likely duplicates. 

Weee! is a North American Asian and Hispanic grocery store, claiming to be the biggest of its kind in the country. It delivers food in 48 US states and has warehouses all over the nation. 

Via: BleepingComputer

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.