A cybercriminal is leaking sensitive data belonging to Weee! customers on an underground forum, which could be used for the purposes of identity theft.
BleepingComputer reported that earlier this week, a threat actor under the alias “IntelBroker” took to the Breached hacking forum and posted a thread stating that they’re leaking “a database of 11 million customers belonging to the Saywee”.
The database was allegedly stolen this month and contains plenty of sensitive information, such as full names, email addresses, phone numbers, the type of endpoint used to engage with the platform (PC, Android, or iOS), order notes, as well as other platform-specific data.
TechRadar Pro needs you! (opens in new tab)
We want to build a better website for our readers, and we need your help! You can do your bit by filling out our survey (opens in new tab) and telling us your opinions and views about the tech industry in 2023. It will only take a few minutes and all your answers will be anonymous and confidential. Thank you again for helping us make TechRadar Pro even better.
D. Athow, Managing Editor
Payment data not exposed
The company later confirmed the theft of the data to the media, while researchers argued that the number of affected individuals is not as big as advertised in the forum thread.
> What is a data breach scanner, how does it work, and why does your business need one? (opens in new tab)
> Top background check services hit by data breach (opens in new tab)
> These are the best endpoint protection software around (opens in new tab)
Speaking to BleepingComputer, the company said: "We recently became aware of a data breach that has affected some customer information. We can confirm that no customer payment data was exposed as Weee! does not retain any customer payment information in our databases."
"For customers that placed an order between July 12, 2021 and July 12, 2022, information such as name, address, email addresses, phone number, order number and order comments may have been impacted," the company told the website.
"We have notified all customers of the issue and will be notifying all impacted customers individually if their information was exposed."
At the same time, Troy Hunt from Have I Been Pwned, a website that tracks compromised email addresses, claims the database actually holds 1.1 million unique email addresses, and not 11. The remaining 9.9 million are most likely duplicates.
Weee! is a North American Asian and Hispanic grocery store, claiming to be the biggest of its kind in the country. It delivers food in 48 US states and has warehouses all over the nation.
- Here's what we think are the best firewalls (opens in new tab)
Via: BleepingComputer (opens in new tab)