Alleged Leaks Affect Millions: VK, BMW Hong Kong, Shopee Logistics, and More
The SOCRadar Dark Web Team has uncovered several major cyber threats on the Dark Web, including the alleged database leaks of VK, Shopee Logistics, and English Central. The leaks reportedly expose personal information of millions of users, posing significant risks to privacy and security. Additionally, unauthorized network access to the Port of Seattle is being sold, while sensitive customer data from BMW Hong Kong has allegedly been compromised. A new partnership offer for financial fraud schemes has also emerged, highlighting the evolving tactics of cybercriminals.
The Alleged Database of VK is Leaked
The SOCRadar Dark Web Team detected a post on a hacker forum where an alleged database leak of VK (VKontakte), one of Russia’s largest social networking platforms, was offered for download. The threat actor claims that the breach occurred in September 2024, exposing the personal information of hundreds of millions of users.
According to the threat actor’s claims, the leaked database contains critical user data such as IDs, names, surnames, gender, profile images, country, and city information. The threat actor also provided the file’s MD5 hash for verification purposes.
The database allegedly contains 390,425,718 records, with the compressed file size being 7.04GB and the uncompressed size reaching 27.6GB. The post invites users to download the data and thanks the community for their interest.
Alleged Unauthorized Network Access Sale is Detected for the Port of Seattle
The SOCRadar Dark Web Team detected a post on a hacker forum advertising the alleged sale of unauthorized network access to the Port of Seattle. The threat actor claims to have access to a specific domain and is offering this access for a price of $5,000.
Alleged Database of Shopee Logistics is on Sale
The SOCRadar Dark Web Team detected a post on a hacker forum advertising the alleged sale of a database belonging to Shopee Logistics. The threat actor claims that the database contains over 12.7 million records and is available in CSV format.
According to the threat actor, the data is sorted by country, including records from Thailand, Malaysia, Hong Kong, and other unspecified locations. The compromised data reportedly includes detailed information such as order IDs, batch numbers, recipient names, phone numbers, addresses, countries, cities, postal codes, and email addresses.
Alleged Database of English Central is on Sale
The SOCRadar Dark Web Team detected a post on a hacker forum advertising the alleged sale of a database belonging to English Central, an online platform focused on English language learning. The threat actor claims to have scraped user data from 2021 to 2024, affecting over 3.8 million registered users.
According to the threat actor’s claims, the data breach occurred in August 2024. The database allegedly includes a wide range of sensitive user information such as names, account IDs, emails, registration dates, lesson statuses, Skype IDs, phone numbers, customer service agents, lead scores, countries, partner affiliations, profiles, last visit dates, payment dates, and more.
A New Partnership-Seeking Post is Detected
The SOCRadar Dark Web Team detected a post on a hacker forum where a threat actor is seeking a partnership with someone experienced in loans and financial fraud schemes. The post suggests that the threat actor is looking to delegate specific responsibilities to a skilled partner.
According to the threat actor’s claims, they possess a comprehensive scheme for withdrawals, which spans from initial planning to using cryptocurrencies for laundering. They also claim to have access to extensive databases from the Kyrgyz Republic and other full schemes for fraud operations.
The threat actor emphasizes that only individuals with experience in loans, particularly those familiar with U.S. regulations, should contact them. They also state that they will not respond to anonymous inquiries and request that potential partners provide a brief description of their relevant skills and experience in the initial message.
The Alleged Customer Database of BMW Hong Kong is Leaked
The SOCRadar Dark Web Team detected a post on a hacker forum advertising the alleged leak of BMW Hong Kong’s customer database. The threat actor claims that this breach, which occurred in August 2024, exposed sensitive data of BMW Hong Kong customers.
According to the threat actor’s claims, the breach affects 14,057 rows of customer data, including detailed information such as vehicle make, chassis number, registration details, model series, and owner names. The compromised data also includes personal identifiers such as mobile numbers, customer preferences regarding call and SMS opt-outs, and whether the customer is a corporate entity.
The threat actor alleges that this dataset contains more information than a previously leaked version, further intensifying the potential impact on both BMW and its Hong Kong customers. The post provides a sample of the data fields, giving an indication of the scope and depth of the breach.
Powered by DarkMirror™
Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, monitoring all sources is simply not feasible: it is time-consuming and challenging, and a single mistaken click can result in a malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow the latest posts of threat actors and groups, filtered by targeted country or industry.