Weee!, a US-based online grocery delivery platform, had delivery data of 11 million customers leaked online. Some logs include door codes that couriers use to enter buildings.
The attacker uploaded a database with information on 11 million Weee! customers. The Cybernews research team confirmed that the leak appeared to be composed of data that didn’t appear in previous leaks.
The threat actor who posted the database claims that the database was stolen in February 2023. The attacker who posted the database appears to be the same person who leaked stolen data from mobile carrier US Cellular.
In the recent leak announcement, the attacker calls the victim “Sayweee.” However, ‘Sayweee’ is the name of the platform’s website. Weee! is an online grocery delivery platform specializing in Hispanic and Asian foods. The delivery platform operates throughout most of the United States and boasts its delivery app was downloaded over 2.6m times.
The threat actor claims the leaked database includes sensitive data, such as users’ first names, last names, emails, phone numbers, home addresses, delivery types, devices, and dates.
In essence, the database offers all information necessary to deliver groceries. For example, some of the logs include delivery notes that Weee! customers left for couriers, such as codes to enter residential or office buildings.
The company confirmed the breach to Cybernews on February 8, adding that no customer financial data was exposed.
The supposed leak includes personal identifiable information (PII) that hackers can abuse in numerous ways. Attackers can use the database to match first and last names with accurate email addresses, exposing user identities on other online services.
Exposed home addresses put users at a heightened risk of targeted scams, spear phishing campaigns, tracking, and unwanted contact. Meanwhile, leaked phone numbers could be used for marketing purposes, phishing, impersonation, and fraud.
In extreme cases, PII information could help attackers in attempts to commit identity fraud.
Your email address will not be published. Required fields are markedmarked