Crooks hacked e-shops and threaten to sell SQL databases if ransom not paid

Crooks hacked e-shops and threaten to sell SQL databases if ransom not paid

Threat actors are offering for sale more than two dozen SQL databases belonging to e-commerce websites for different countries.

Hackers are offering for sale more than two dozen SQL databases stolen from online shops from multiple countries.

Threat actors have compromised insecure servers exposed online and after copying the content of their websites they left a ransom note.

Some of the databases are dated as 2016, but data starts from March 28, 2020.

Crooks’ demand is BTC 0.06 ($485 at current price), they threaten to leak the content of the database if the victims don’t pay the ransom in 10 days.


The ransom notes observed in this campaign include a couple of wallets that received more than 100 transactions for a total of BTC 5.8 ($47,150 at current price).

“The number of abuse reports for these two wallets is over 200, the oldest being from September 20, 2019. The most recent one is from May 20 and this month alone there were nine reports, indicating that the actor is highly active.” reported BleepingComputer.

“It is important to note that the hacker may use more than the wallets found by BleepingComputer.”

The seller is offering 31 databases and gives a sample for the buyers to check the authenticity of the data.

Most of the listed databases are from online stores in Germany, others e-store hacked by threat actors are from Brazil, the U.S., Italy, India, Spain, and Belarus.

The hacked stores were running Shopware, JTL-Shop, PrestaShop, OpenCart, Magento v1 and v2 e-commerce CMSs.

The databases contain a total of 1,620,000 rows, exposed records include email addresses, names, hashed passwords (e.g. bcrypt, MD5), postal addresses, gender, dates of birth.

It isn’t the first time that crooks target unprotected databases, experts observed several attacks targeting unprotected MongoDB installs.

Pierluigi Paganini

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2022

We are in our 10th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.


10th Anniversary Exclusive Top 100 CISO Conference & Innovators Showcase