Contents:
Weee!, a US-based grocery delivery platform, had been the victim of a cyberattack resulting in the data leakage of 11 million customers. Some of the logs included door codes that couriers use to enter buildings.
Weee! is an online platform for grocery delivery that focuses on Hispanic and Asian cuisine. The delivery platform states that its app has been downloaded more than 2.6 million times and is active across the majority of the United States.
Details on the Leak
In the recent leak announcement, the threat actor refers to the victims as “Sayweee.”, however, this is the name of the platform’s website. According to the threat actor, the data from the breach was stolen from the platform in February 2023.
Weee! Leak Published by Threat Actor (Source: Cybernews)
It also claims that the leak contains sensitive data, such as users’ first names, last names, emails, phone numbers, addresses, delivery types, devices, and dates. The database essentially provides all the information required to deliver groceries. Some of the records, for instance, contain delivery notes that Weee! users left for couriers, such as codes for entering homes or offices.
Cybernews reached out to Weee! for a comment on the current situation, but the grocery delivery company is yet to respond.
How Threat Actors May Use the Data?
Because the leak supposedly contains personal identifiable information (PII), hackers have numerous ways to abuse the data. Attackers can expose user identities on other online services by using the database to match first and last names with precise email addresses.
Users are more likely to be the subject of targeted frauds, spear phishing attempts, tracking, and unwanted contact if their home addresses are made public. Meanwhile, exposed phone numbers could be exploited for phishing, fraud, impersonation, and marketing.
In severe circumstances, attackers may use PII to aid in attempts to conduct identity fraud.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.