1.4 Million Autotrader Users Exposed, Data Posted on Dark Web


The database of 1.4 million users belonging to Autotrader, a US-based online marketplace for car buyers and sellers, has been leaked on the dark web. On a hacker forum, a post shared by IntelBroker claimed to have information such as id, brand, model, email, name, address, etc, of the company. IntelBroker has earlier been linked to the Endurance ransomware gang.

Screenshot of the post claiming to have Autotrader data
Screenshot of the post claiming to have Autotrader data

In the post, the hacker stated that they stole system data from the online car trading company headquartered in Atlanta, Georgia, United States. The cybercrime, according to the post, took place in January 2023 when the cybercriminals exfiltrated the data of 1.4 million users.

On January 6, 2023, IntelBroker, uploaded the stolen data for potential buyers to download. They have data related to car models, type, VIN, mileage, site link, etc.

Endurance ransomware gang recently put on sale stolen data from the Swedish vehicle manufacturer Volvo cars. The gang put a price of $2,500 on the vehicle data, which was asked in the XMR cryptocurrency.

This is likely the gang’s second automobile victim.

The US Federal government has been tracking the fraudulent activities of the IntelBroker, which acts as a vendor that sells stolen data on the dark web. They put on sale the data from Selix marketplace which is an eCommerce software. Their other victims include TheBodyShop Indonesia and Dr. Martens, which are small businesses in the retail sector.

https://i0.wp.com/www.secplicity.org/wp-content/uploads/2022/11/DrMartens-EDIT-960x412.png?resize=960%2C412&ssl=1

Screenshot of the leak site post of Dr Martens (Source: Secplicity)

This cybercriminal tends to make individual posts about data on sale. The earlier advertisement for Dr Martens data read that it was on sale for $3000. The group claimed to have exfiltrated source code, allure reports, backend configuration, etc. As per reports, the hacker put the data on sale after the company declined their ransom demand.

https://i0.wp.com/www.secplicity.org/wp-content/uploads/2022/11/TheBodyShop-EDIT-960x615.png?resize=960%2C615&ssl=1

Screenshot of the selling of TheBodyShop Indonesia data (Source: Secplicity)

Earlier in November, the group targeted TheBodyShop Indonesia and demanded a ransom of $5500 for the encryption of the data. However, when the demand was not met, the hacker reduced the amount to $1000 in monero cryptocurrency for buyers on the dark web.





Source link