A hacker known as IntelBroker claims to have breached the UK-based company Experience Engine, allegedly exposing sensitive data. The hacker is selling the data on an online forum, raising concerns about data security for affected clients and businesses.
The notorious IntelBroker hacker has claimed responsibility for breaching Experience Engine, a UK-based company that provides experiential marketing and promotional staffing services. The hacker, who was previously linked to several high-profile data breaches, is now selling the allegedly stolen data on Breach Forums, demanding payment in Monero (XML) cryptocurrency to remain anonymous and untraceable.
Who is Experience Engine?
Experience Engine, founded over 20 years ago, specializes in creating experiential marketing and promotional staffing solutions. With a global reach and a client base that includes major corporations; they work across sectors such as tech, public sectors, and fast-moving consumer goods (FMCG) brands, offering a network of over 1,200 “Experience Engineers™.”
These professionals are tech-trained to help businesses engage with customers through activations, events, and brand ambassador roles. The company claims to offer access to over 200,000 properties worldwide, focusing on integrating campaigns and humanizing complex technological messages for brands.
The Alleged Breach
According to IntelBroker, the breach occurred in September and involves a trove of sensitive data. The hacker is also offering to sell entire .bak database files, which contain a large amount of client and transactional information. IntelBroker has even provided sample data, which includes details from tables such as dbo.invoice
and dbo.booking_backup
, containing thousands of rows of sensitive records.
One of the notable tables, dbo.invoice
, includes 31,000 rows of data, with fields such as InvoiceID, InvoiceNumber, and InvoiceDate, alongside client-specific information such as contact details and invoice amounts. For instance, one invoice dated October 3, 2006, references Thomas Cook, a now-defunct global travel group, headquartered in the United Kingdom with payment details and banking information related to a booking at the now permanently closed Thirty Thirty New York City Hotel.
Another table, dbo.booking_backup
, contains 784,000 rows of data, featuring sensitive customer information such as names, addresses, emails, booking histories, and revenue data. Among the entries are details of clients from the UK, United States, and Saint Lucia, with personal information, email addresses, and booking records all included.
The data sample provided by IntelBroker reveals alarming details of the alleged breach. The exposed data includes highly sensitive information, including financial transactions, customer contact details, and bank account numbers.
For instance, a sample from the dbo.invoice
table analyzed by the Hackread.com research team shows details of an invoice amounting to $4699.36, with full banking details for the recipient. The booking records reveal customer names, addresses, and even room revenue from bookings, which can put individuals’ privacy and financial security at risk.
Moreover, the nature of the alleged data breach suggests that Experience Engine’s security protocols may have been insufficient to prevent this large-scale leak. Given that the company manages promotional staffing and experiential campaigns for global brands, the impact on their reputation could be severe.
IntelBroker’s Dark History
IntelBroker is no stranger to the hacking world. The hacker has been linked to several high-profile breaches, including the following organisations:
Although the hacker’s origins and affiliates are unknown, according to the United States government, IntelBroker is alleged to be the perpetrator behind one of the T-Mobile data breaches.
The alleged breach of Experience Engine adds another company to IntelBroker’s cybercrime portfolio. With millions of sensitive records potentially exposed, the fallout from this breach could have long-lasting consequences.
Hackread.com has reached out to Experience Engine for comment. If and when the company responds the article will be updated accordingly. Stay tuned!
RELATED TOPICS
- UK’s Freecycle Data Breach Impacts 7 Million Users
- Exposed ICS in the US, and UK Threaten Water Supplies
- NCA Arrests Teenager in Walsall Over TfL Cyber Attack
- IntelBroker Apple Breach: Steals Source Code for Internal Tools
- UK Criminal Records Office Down in Potential Ransomware Attack