Extortion Campaign Targeting Online Shops Threatens to Sell Customer Database Unless Ransom is Paid

Cyber thieves are putting up for sale on a public website more than two dozen SQL databases of e-commerce platforms from across the globe.


The unnamed hackers breached unsecured servers of multiple online shops, copied their content and left a ransom note:

“To recover your lost Database and avoid leaking it: Send us 0.06 Bitcoin (BTC) to our Bitcoin address xxxxxxxYHxxxxxxx and contact us by Email with your Server UP or Domain name and a Proof of Payment. If you are unsure if we have your data, contact us and we will send you a proof. Your Database is downloaded and backed up on our servers. Backups that we have right now: xxxx, classic models, xxxx, if we dont receive your payment in the next 10 Days, we will make your database public or use them otherwise”.

According to Bleeping Computer, some of the wallets used by the bad actors have already received a combined total of BTC 5.8 (about $51,000) in about 100 transactions.

In total, 31 databases are listed, and more than half are attributed to German-based online stores. However, multiple e-commerce platforms from the U.S., Brazil, Italy, Spain and India are also listed.

Depending on the retailer, the databases contain various types of customer personal data, including email addresses, names, hashed passwords, dates of birth, gender and postal code.

While these databases might not stand out in value, the information can be used to conduct targeted phishing attacks on unsuspecting customers, and resold to multiple parties that could further leverage the data for financial gain.

Perhaps, following this extortion campaign, online vendors will start improving their security and server protection to prevent further attacks and keep customer data protected from unauthorized access.

Hackers are persistent in their attempts to capitalize on stolen data, and even if a vendor chooses to pay the ‘ransom’, payment does not guarantee that the bad actors will cease their extortion campaign.

*** This is a Security Bloggers Network syndicated blog from HOTforSecurity authored by Alina Bizga. Read the original post at: