KillSec claims to have hacked OneDayOnly

Jan

Who's the Boss?
Staff member
Joined
May 24, 2010
Messages
13,721
Reaction score
11,483
Location
The Rabbit Hole
Popular South African online store hit by data breach

Hacking group Kill Security (KillSec) has claimed to have breached South African e-commerce retailer OneDayOnly, extracting private contact information, account contact details, and payment methods from the online store.

The post on KillSec's dark web site announcing the breach circulated on Twitter/X, with the group planning to publish the stolen data within a week.
 
So glad I deleted my account because of all the damned emails I received from them just by logging in.

Never bought anything though as far as I know. Even if they have payment details, it's useless as I have changed banks twice since then.
 
So glad I deleted my account because of all the damned emails I received from them just by logging in.

Never bought anything though as far as I know. Even if they have payment details, it's useless as I have changed banks twice since then.
Heh, knowing how these types of systems are written, I have a feeling your account isn't deleted, the "active" flag is just set to "false". All your details and past purchases are probably still in the database.
 
OneDayOnly confirmed to MyBroadband that it experienced a security incident relating to certain information on a cloud storage folder.

“We are currently conducting an investigation and will be liaising with the relevant authorities and affected data subjects,” it said.

However, it emphasised that no customer data was involved.

“We can confirm that no personal customer data or financial information is involved,” said OneDayOnly.

“Sensitive data pertaining to our customers is hosted by a separate cloud provider that is not impacted in this incident,” said OneDayOnly.

They use two separate cloud providers in this context? I think they are in the mind that their website (and its database) and ERP aren't hosted on the server/network.

I do have personal data contained within their website database.

Anyhow, this is the typical, "our customers aren't exposed", response by OneDayOnly. For legal reasons.
 
So glad I deleted my account because of all the damned emails I received from them just by logging in.

Never bought anything though as far as I know. Even if they have payment details, it's useless as I have changed banks twice since then.

How did you get that right? I have never seen a "delete" account on ODO before?
 
Publish the data whether they pay or not.
 
Top
Sign up to the MyBroadband newsletter