Known data leaker posts over 500,000 customer records they say belong to JD Group and Everyshop

[Jan]

Over 500,000 Incredible, HiFi Corp, and Everyshop customer records possibly hacked

An established data leaker has posted a file in a hacker forum that they claim contains the personal records of 500,000 JD Group customers. They are effectively selling the data for $2 (R39).

JD Group is a division of Pepkor and counts several popular stores in South Africa in its portfolio — including Incredible, HiFi Corp, Sleepmasters, Russels, Bradlows, and online retailer Everyshop.

 

[Sapphiron]

How about the information regulator fines companies for the price of the records on the black market.

500k x R39 = R19.5mil

sounds about right.

 

[RedViking]

How about the information regulator fines companies for the price of the records on the black market.

500k x R39 = R19.5mil

sounds about right.

Probably R39 for everything.

 

[lkpat]

Not sure about those "home addresses". There's an address for an EL based person that exists, but it's in a business center. Maybe delivery address... not sure - it's also tied to HiFi Corp but there's no HiFi corp at that address...

 

[RedViking]

In fact, it is not the data leak that is so "shocking", but the fact that 2$ now equals R40.

 

[backstreetboy]

Everyshop has 67000 shoppers? I call bollocks.

 

[stealthhawk]

So i went on there site and saw​

Showmax.com 28K MAIL and PASS​

Lol looks like Showmax was also hacked last week, was this talked about?

 

[Jan]

So i went on there site and saw​

Showmax.com 28K MAIL and PASS​

Lol looks like Showmax was also hacked last week, was this talked about?

Already on this as well.

Doesn't look like a hack. None of our accounts are in there and all the passwords are weak. I've got money on that being the result of a bruteforce.

 

[quovadis]

Already on this as well.

Doesn't look like a hack. None of our accounts are in there and all the passwords are weak. I've got money on that being the result of a bruteforce.

You're buying these lists?

 

[RedViking]

You're buying these lists?

Acquired from a reliable source familiar with the matter.

 

[rvZA]

Already on this as well.

Doesn't look like a hack. None of our accounts are in there and all the passwords are weak. I've got money on that being the result of a bruteforce.

Agreed.

 

[itareanlnotani]

And this is why kids (or more realistically parents/older people), we don't use the same password for different sites.

 

[Jan]

You're buying these lists?

Nope. That one was free.

 

[lkpat]

Already on this as well.

Doesn't look like a hack. None of our accounts are in there and all the passwords are weak. I've got money on that being the result of a bruteforce.

Actually... I have money on it being an inside job. I had a weird profile appear on my setup so I ditched it and changed my password and not long after the profile reappeared with the same name. Still trying to figure out who it is.

 

[McGuywer]

Acquired from a reliable source familiar with the matter.

For “research purposes”.

 

[Solarion]

That's the start of their problems. Next up is the Information Regulatory board knocking on door to do an audit. That's when the pain starts.

 

[Alexander the Straight]

Everyshop has 67000 shoppers? I call bollocks.

Wonder how many accounts Takealot have, my dogs even have accounts. They each bought once only though.

 

[Goliath]

Jip, same here regarding Takealot! No complaints though.. vouchers do come in handy

 

[rvZA]

Looks like a 2020 breach. There does not appear to be any records after that. In fact, nothing before 2015 either. Unless of course, if they have created their new system in 2015 and imported all older records that time.

 

[naeem]

How about the information regulator fines companies for the price of the records on the black market.

500k x R39 = R19.5mil

sounds about right.

all well and good but where do these fines go to?

19.5 bars to the regulator?