User information allegedly belonging to the customers of a Chinese store was found being sold on the dark web. According to sources, the Personal Identifiable Information (PII) was stolen from the Chinese e-commerce website www.pcstore.com.tw. The stolen customer details include names, emails, and gender, as well as hashed passwords.
The data being sold online could be used for launching phishing attacks or other social engineering attacks like spear phishing aimed at specific individuals or companies.
According to reports, the crime was attributed to the OKE group. However, much has not been discovered about them yet. The stolen data, which belongs to individuals from a wide range of age-group, could be misused in multiple ways, including sending malicious communications with malware links, launching ransomware attacks and moving laterally to increase its reach, and sending fraudulent bills or invoices asking for money payment.
Moreover, reports suggests that via the breach the cybercriminals were able to gain access to the customers’ order details, which is allegedly being sold on the dark web.
Samples of data sold by the OKE Group
Upon cross-referencing the found PII samples with the data from similar older leaks, it was determined that the new samples belonged to legitimate buyers and customers of the store, located in Daan district, Taipei city.
The OKE group is known to exchange data from older leaks in exchange for money with other cybercriminals. They then use the fresh data to target further specific individuals and entities based on it.
This also assists cybercriminals create a more extensive and comprehensive record of targets with recently updated data. Individuals who have changed their email address or phone number can still be targeted with phishing emails or SMSes owing to such dark web trade.
Similar data leaks and customer data trade was found in the recent Optus data leak as well. Authorities have issued warnings against cybercriminals and others looking to make quick money using the leaked data on the dark web.
According to research by NordVPN, a VPN-providing company, it was found that despite an increased number of data breaches this year, the volume of leaked data has decreased. This could be because the legal authorities monitor the dark web and take action against it.