US online grocery delivery platform leaks 11m user records
Weee!, a US-based online grocery delivery platform, had delivery data of 11 million customers leaked online. Some logs include door codes that couriers use to enter buildings.
The attacker uploaded a database with information on 11 million Weee! customers. The Cybernews research team confirmed that the leak appeared to be composed of data that didn’t appear in previous leaks.
The threat actor who posted the database claims that the database was stolen in February 2023. The attacker who posted the database appears to be the same person who leaked stolen data from mobile carrier US Cellular.
In the recent leak announcement, the attacker calls the victim “Sayweee.” However, ‘Sayweee’ is the name of the platform’s website. Weee! is an online grocery delivery platform specializing in Hispanic and Asian foods. The delivery platform operates throughout most of the United States and boasts its delivery app was downloaded over 2.6m times.
The threat actor claims the leaked database includes sensitive data, such as users’ first names, last names, emails, phone numbers, home addresses, delivery types, devices, and dates.
In essence, the database offers all information necessary to deliver groceries. For example, some of the logs include delivery notes that Weee! customers left for couriers, such as codes to enter residential or office buildings.
The company confirmed the breach to Cybernews on February 8, adding that no customer financial data was exposed.
The supposed leak includes personal identifiable information (PII) that hackers can abuse in numerous ways. Attackers can use the database to match first and last names with accurate email addresses, exposing user identities on other online services.
Exposed home addresses put users at a heightened risk of targeted scams, spear phishing campaigns, tracking, and unwanted contact. Meanwhile, leaked phone numbers could be used for marketing purposes, phishing, impersonation, and fraud.
In extreme cases, PII information could help attackers in attempts to commit identity fraud.
More from Cybernews:
Adversaries amass vast amounts of our data via commercial surveillance
Tinder rolls out Incognito Mode and blocking function
US Navy captain accused of using Facebook to humiliate civilian woman in cyberstalking campaign
Getty Images lawsuit says Stability AI misused 12m photos to train AI
Subscribe to our newsletter
Your email address will not be published. Required fields are marked