Crooks hacked e-shops and threaten to sell SQL databases if ransom not paid

Threat actors are offering for sale more than two dozen SQL databases belonging to e-commerce websites for different countries.

Hackers are offering for sale more than two dozen SQL databases stolen from online shops from multiple countries.

Threat actors have compromised insecure servers exposed online and after copying the content of their websites they left a ransom note.

Some of the databases are dated as 2016, but data starts from March 28, 2020.

Crooks’ demand is BTC 0.06 ($485 at current price), they threaten to leak the content of the database if the victims don’t pay the ransom in 10 days.

Crook

The ransom notes observed in this campaign include a couple of wallets that received more than 100 transactions for a total of BTC 5.8 ($47,150 at current price).

“The number of abuse reports for these two wallets is over 200, the oldest being from September 20, 2019. The most recent one is from May 20 and this month alone there were nine reports, indicating that the actor is highly active.” reported BleepingComputer.

“It is important to note that the hacker may use more than the wallets found by BleepingComputer.”

The seller is offering 31 databases and gives a sample for the buyers to check the authenticity of the data.

Most of the listed databases are from online stores in Germany, others e-store hacked by threat actors are from Brazil, the U.S., Italy, India, Spain, and Belarus.

The hacked stores were running Shopware, JTL-Shop, PrestaShop, OpenCart, Magento v1 and v2 e-commerce CMSs.

The databases contain a total of 1,620,000 rows, exposed records include email addresses, names, hashed passwords (e.g. bcrypt, MD5), postal addresses, gender, dates of birth.

It isn’t the first time that crooks target unprotected databases, experts observed several attacks targeting unprotected MongoDB installs.

Pierluigi Paganini