Customer Data of PrestaShop, Panorabanques for Sale as New Fraud Services Emerge

SOCRadar’s Dark Web Team has observed new activity across hacker forums, with threat actors advertising alleged data breaches and cybercrime services. Recent posts claim to offer millions of customer records from platforms like PrestaShop and Panorabanques. Meanwhile, underground developers are promoting new tools and services for fraud automation, bulk SMS delivery, and credential harvesting. Here’s a breakdown of the latest findings.

Receive a Free Dark Web Report for Your Organization:

Alleged Database of PrestaShop is on Sale

SOCRadar Dark Web Team detected a new hacker forum post advertising the alleged database of PrestaShop, an open-source e-commerce platform. The threat actor claims to have breached 21.3 million customer records and shared a SQL schema sample showing PII such as full name, company, address, phone, VAT number, DNI, and customer IDs.

The post offers the “full data” via Telegram and credits another actor for the breach. If valid, the dataset could enable identity theft, fraud, and targeted phishing campaigns against PrestaShop customers and merchants.

Alleged Customer Database of Panorabanques is on Sale

SOCRadar Dark Web Team detected a new underground forum post advertising the alleged database of Panorabanques, a banking comparison platform and subsidiary of the M6 Group. The threat actor claims the breach includes over 2.2 million customer records.

According to the listing, the dataset contains sensitive information such as full names, email addresses, phone numbers, physical addresses, income, outgoings, profession, bank details, residence, and family situation. The actor credited with the breach shares contact details in the post. If valid, the exposure poses risks of fraud, identity theft, and financial exploitation against affected users.

A New Alleged SMS Service is Detected

SOCRadar Dark Web Team detected a new underground service offering real (non-VoIP) SMS numbers and one-time messages across more than 50 countries, including the US, UK, Russia, China, Kazakhstan, and Ukraine. The platform advertises flexible rental options ranging from 5 minutes to 3 months, with API integration for automation and bulk order discounts.

New Development Service is Detected

SOCRadar Dark Web Team detected a new underground advertisement promoting a development service for automation and security tools. The actor introduces himself as an experienced Python developer offering custom checkers, brute-forcers, and Telegram bots designed for various operations.

The service highlights customized solutions, high performance, and anonymous delivery, with examples including tools for account validation, card and database checks, API brute-forcing, and spam or monitoring bots. Contact is provided via Telegram, with claims of fast turnaround and reasonable pricing.

Powered by DarkMirror™

Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, monitoring all sources is simply not feasible, which can be time-consuming and challenging. One click-by-mistake can result in malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow up with the latest posts of threat actors and groups filtered by the targeted country or industry.