Headline
Data of Israeli Employees from 29 Logistics Firms Sold Online
By Waqas The 50GB worth of data is currently being sold on two clear web forums with a price tag of 1 BTC per database. This is a post from HackRead.com Read the original post: Data of Israeli Employees from 29 Logistics Firms Sold Online
A group of hackers has posted a trove of approximately 50GB of data for sale on two online forums and a Telegram group. The data was posted on 26 and 27th November 2022. This was revealed to Hackread.com by researchers at VPNMentor.
A probe into the incident revealed that the data belonged to 29 Israeli transportation, logistics services and forwarding firms. Researchers believe that the hackers breached a software provider’s single point of failure, gained unauthorized access to these logistics firms’ supply chains, and exfiltrated a trove of personal data and shipping records.
50 GB of Israeli Firms’ Data on Sale
Hackers have posted the stolen data for sale. Visitors can buy a complete employee and customer information dataset from the targeted companies. The per-database rate is 1 BTC, which equals $17,000. An analysis of the graphics associated with these posts revealed that the data is part of a Black Friday Sale.
Previously, when some Israeli delivery firms were targeted in cyberattacks, the Israeli government’s cyber agencies named Iranian threat actors as the perpetrators. However, it is unclear if the same actors are responsible in this instance.
Details of Leaked Data
According to VPNMentor’s blog post, exposed data includes contract details and shipment information of the affected Israeli firms. The hackers have listed 1.1 million records for sale on different online forums. It seems like they have shared a small sample of data.
Whether 1 record represented 1 person or 1.1 million people were impacted in this data breach couldn’t be determined. The exposed information includes full names, addresses, and contact numbers.
Researchers were unsure whether the exposed addresses were work or home addresses. Customers’ exposed data includes full names and shipping details (sender and receiver’s addresses, number of packages, contact numbers, etc.).
Screenshot provided by VPNMentor shows post by hackers and what’s in the data.
Possible Dangers
These records can be exploited to intercept packages or blackmail/threaten courier firms’ employees into handing over valuable shipments. Threat actors can use personal data such as full names or contact details to target people with scams and phishing attacks.
Customers of these firms should be wary of suspicious SMS messages and calls and do not share personal information via phone. They should reveal sensitive data only to a trusted source only when necessary.
- Australian Trading Giant Exposed 60GB of User Data
- MyEasyDocs Exposed 30GB of Israeli Students’ PII Data
- Iranian hackers leak a trove of Israeli LGBTQ dating app data
- Logistics giant D.W. Morgan exposed 100 GB worth of clients’ data
- Logistics giant exposes customer data, Lolz at researchers when alerted
I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism