
MyDeal Hacked – Over 2.2M Users' Data Advertised for Sale on a Hacker Forum

MyDeal, a subsidiary of the Woolworths Group, disclosed a data breach that impacted more than 2.2 million customers. Reports say the hacker was attempting to sell the stolen data on a hacker forum.

Woolworths acquired 80% of MyDeal in September 2020; nevertheless, Woolworths was not impacted by the security breach.

“A compromised user credential was used to gain unauthorized access to its Customer Relationship Management system resulting in unauthorized access to some customer data within our network”, according to the data breach notification published by the company.

The hackers gained access to the MyDeal Customer Relationship Management (CRM) system by using a user's compromised credentials. That is the system the company uses to take customer support calls.

Over 2.2 Million Customers Were Impacted By the Data Breach

The company says the data breach affected 2.2M consumers, exposing information such as names, email addresses, phone numbers, delivery addresses, and, in some cases, birth dates.

For 1.2 million customers, only the email addresses were exposed in the breach. MyDeal stated that no customer account passwords or payment details have been compromised in this breach.

“MyDeal is contacting all affected customers by email. If you have not been contacted by MyDeal you have not had your details accessed in the incident, as the large majority of our customers are not affected by this incident”, reads the data breach notification.

Hackers Selling the Stolen Data on the Hacker Forum

Reports say the hacker behind the breach began selling the stolen data on a hacking forum for $600.

MyDeal data for sale on a hacking forum

The hacker also shared screenshots of what they claim are the company’s Confluence server and a single-sign-on prompt for the company’s AWS account. Further, the hacker released samples of the stolen data, exposing the personal information of 286 alleged MyDeal customers.

As soon as the company became aware of the breach, it blocked access to all affected systems. The company notified all relevant authorities and undertook to assist with their inquiries into the matter.


Guru Baran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
