Over the past couple of months, many underground hacking forums have witnessed multiple posts regarding the data leak of Italy-based 3P, a leading dropshipping company in the country. The posts started appearing on October 21, 2022, claiming to have hacked the company.
Drop shipping is a type of retail transaction, where the seller takes customer orders without keeping stock on hand. 3P owns the website dropshipping.3p-srl.com. The threat actors claimed to have stolen 25TB of data, and information, including the name, emails, phone numbers, zip codes, country, and more. The threat actor also shared the information on Telegram channels, where cybercriminals are contacting them to purchase the entire stock of information.
The contact address reportedly contacted the cybercriminal to purchase 25TB of data. Another underground hacking forum showed signs of the same data, including the domain. The number of qualifying data has been reported to be equal to 19,000.
3P data, a hot-selling item on underground forums
According to Red Hot Cyber, the samples in the CSV format were available in both posts and had 19,685 records in the CSV files. The files contained some crucial data on customers, even the information on the last “customer registration dates,” which is 08/11/2022, the report reads.
Since the file’s numerical IDs begin at over 21,000, the threat actors could be selling a portion of the stolen data to clients willing to purchase it. Since the data is already on sale, the original 3P website still shows an error with the message “Not configured for sales,” indicating that it is trying to figure out what went wrong on the backend.
The company has provided a contact section for people suffering from the hack. Those who wish to provide information on the matter can anonymously contact 3P using the whistleblower’s encrypted email.