Data Breach Summary
In a concerning security breach, dukes.zvendostore.com, an online store specializing in men’s fashion in Indonesia, experienced a compromise of sensitive customer data. This breach was detected by our diligent dark web scanning team at InsecureWeb on July 1, 2023. The responsible hacker, known as “sumo,” disclosed the stolen data on the dark web forum “Cronos.”
The breach involved unauthorized access to a database containing a significant amount of sensitive information from dukes.zvendostore.com. The compromised data includes customer IDs, customer group IDs, default address IDs, email addresses, email canonicals, first names, last names, birthdays, genders, phone numbers, company codes, company names, Firebase data, Firebase device tokens, delete account status, Odoo customer IDs, and Odoo partner invoice IDs.
Where and How?
This breach predominantly occurred on the dark web forum “Cronos,” notorious for hosting illicit activities such as data breaches and the trade of stolen information. The hacker, “sumo,” played a prominent role in disclosing the compromised customer data, which encompassed sensitive information associated with dukes.zvendostore.com.
Further investigation revealed that the breach targeted the customer-oriented database of dukes.zvendostore.com. Unauthorized access allowed the hacker to obtain and compromise significant customer details, including customer IDs, email addresses, contact information, personal attributes such as birthdays and genders, and other relevant data.
A Screenshot of the data can be found below:
Company Data Breach History
To date, there is no known history of security breaches reported for dukes.zvendostore.com. However, this breach serves as a reminder of the increasing risk faced by online fashion retailers, underscoring the importance of robust security measures to safeguard sensitive customer data.
dukes.zvendostore.com is actively addressing the breach, working closely with cybersecurity experts to investigate the incident thoroughly. Their objective is to identify any vulnerabilities, reinforce their security protocols, and prevent future breaches that could compromise customer data integrity and erode public trust
Recommendations for Personal Data Protection
How Users Can Protect Their Information
To protect their personal information and accounts from being compromised, users should take the following steps:
– Change their passwords frequently, with a combination of letters, numbers, and symbols.
– Enable two-factor authentication whenever possible.
– Use unique passwords for each account, to prevent hackers from accessing multiple accounts with the same password.
– Be cautious of suspicious emails or messages, as they may contain phishing links that can compromise their accounts.
– Regularly monitor their accounts for any suspicious activity.
What is InsecureWeb?
InsecureWeb is a Dark Web monitoring service that keeps track of recent data breaches and tracks their impact by monitoring the darkest places of the internet. InsecureWeb notifies users and enterprises when their data has been found online and helps them mitigate the impact.