Australian retail marketplace MyDeal has confirmed a data breach that has affected more than two million of its customers.
The company contacted all affected customers explaining the incident, saying that an unknown attacker had compromised its systems and gained access to customer identity data.
According to BleepingComputer, a threat actor managed to obtain login details for MyDeal’s customer relationship management (CRM) system and used them to extract sensitive data belonging to approximately 2.2 million users.
MyDeal data sold
These data included names, e-mail addresses, telephone numbers, postal addresses and, for some, dates of birth. For a smaller subset of users (1.2 million), hackers only managed to obtain email addresses.
While details about the perpetrators are sparse, what they are doing with the data is clear: they are trying to sell it on an underground forum for $600.
According to the company, the number of entries in the database, which is still being analyzed by the attacker, currently stands at over a million, and that number is expected to grow.
To prove the authenticity of the attack, the attackers posted screenshots of MyDeal’s Confluence servers, as well as a single sign-on (SSO) prompt for their Amazon Web Services (AWS) account.
MyDeal also said the attackers did not obtain any payment information, ID data, or passwords. Even so, it advises users to reset their passwords. Even the best password managers could not prevent such an attack.
MyDeal is an Australian retail market that seeks to connect local sellers with potential buyers.
It was acquired by Woolworths in September 2022, but the supermarket chain claims its systems are on a different platform and therefore perfectly safe from attackers.
While the scammers may not have gotten your payment details or passwords, they still have enough information to steal your identity or launch phishing attacks, so users are urged to remain vigilant.