A mysterious cyber entity known only as ‘Nobody’ has emerged on the dark web, boasting possession of a vast trove of confidential data from multiple organizations, including US Shop Mall, The Body Shop, and OHS Insider.
Despite not explicitly taking responsibility for any cyberattacks, ‘Nobody’ has purportedly leaked sensitive information from these companies, raising alarms about data security and the potential implications for the affected parties.
Information gathered from the screenshots posted on ‘X’ by Foresiet Threat Intelligence Feeds suggests that the Nobody data leak consists of data related to billing and shipping addresses and types, emails, payment methods, and more.
The victims of the alleged data leak, predominantly e-commerce merchants and service providers from multiple industries, present a challenge in determining which categories of websites have been most impacted by the incident.
Nobody Data Leak
The Nobody data leak consists of several CSV and SQL files, each with thousands of lines of data. Following are the organizations identified by the threat actor along with the leaked information claimed by them.
- Bermuda Sands Apparel: The North Carolina based apparel brand has allegedly fallen victim to this leak with 24775 lines of data exposed, compromising the details of 24532 of the website’s users.
- B2S Co.: Thailand based specialty chain store has got its 43080 lines of data compromised, exposing the personal details of at least 43070 users.
- Abhinav: The international immigration consultancy has lost its 527116 lines of records exposing over 60k applications of immigration visas.
- US Shop Mall: This US based ecommerce merchant has lost its 8054 lines of data exposing 6710 users details.
- The Body Shop: This is another Thai skincare brand selling cruelty-free products, which has lost 57756 lines of records exposing 22816 of its users data.
- Speed Sports: The Pakistan based sports clothing brand has lost 12274 lines of data exposing 7603 of its users details.
- OHS Insider: This US based skilled labor provider has lost 1756886 lines of records containing usernames, passwords, emails, IP addresses, logs, etc.
- CapscoMoto: The Ontario, Canada based automotive parts seller has lost 30788 lines of records exposing its 32659 users details.
- Ingrosso Regalistica: This online gifting brand has got its 5923 lines of data exposed in the Nobody data leak putting over 5700 users in a vulnerable position.
The Nobody data leak involves a significant amount of personal information such as billing addresses, email addresses, and payment methods, among others. However, none of the data leaks have been confirmed by the listed organizations.
Data Protection for Small Businesses
We have previously discussed in our reports, how crucial it is for small businesses to protect their data with affordable cybersecurity. The absence of proper cybersecurity solutions in place results in unfortunate instances like the latest Nobody data leak.
Veracode’s CISO Sohail Iqbal, highlighted in a news report, “Financially motivated adversaries view SMBs as soft targets due to their inadequate security controls and the scarcity of skilled resources at their disposal,” He added, “Small-business breaches are somewhat an overlooked and underreported arena.”
Data leaks like this one can pose serious threats to business operations. A recent study claimed that 3 out of 4 businesses that close due to cyberattacks never reopen. This statement highlights how crucial it is for small businesses to protect their data.
The necessity of strong security systems among enterprises and private users becomes even more prominent in the wake of the Nobody data leak.
It is an indication that the digital era is still not safe from new-generation cyberattacks. The safeguarding of confidential data cannot be ignored or forgotten. Vigilance and proactive security practices are vital in protecting personal and corporate data in today’s dynamic world.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
