Over 500,000 Incredible, HiFi Corp, and Everyshop customer records possibly hacked
An established data leaker has posted a file in a hacker forum that they claim contains the personal records of 500,000 JD Group customers. They are effectively selling the data for $2 (R39).
JD Group is a division of Pepkor and counts several popular stores in South Africa in its portfolio — including Incredible, HiFi Corp, Sleepmasters, Russels, Bradlows, and online retailer Everyshop.
The database is a text file in comma-separated format (.csv) that includes column titles such as ID, names, emails, phone numbers, delivery addresses, billing addresses, dates of birth, gender, and even tax VAT numbers.
The leaker attached a sample that included the names and surnames, email addresses, home addresses, ID numbers, and, in some cases, phone numbers of 31 people allegedly affected by the breach.
Many of the names and surnames were typically South African, and the ID numbers and phone numbers matched South Africa’s formats.
The shipping addresses also seemed to be for real locations in South Africa.
In addition to the above, the records also included the dates on which the users created their accounts and with which particular store they were held.
The sample list only included customers with Incredible Connection, HiFi Corp, and Sleepmasters accounts.
However, the same user made another forum post on the same day alleging that they had downloaded a database with 67,000 records of Everyshop customers.
This post was first highlighted on Twitter by threat intelligence analysts @FalconFeedsio on Saturday, 27 May 2023, and sent to us by a MyBroadband reader.
“A user in a hacker’s forum claims to have exposed the database of Everyshop ( everyshop.co.za),” the firm said.
“The claimed data includes 67,000 emails, names, phone numbers, addresses, DOBs, passport numbers, and so on.”
Both data leaks were posted by a user called “Chucky”.
According to cybercrime analysts Kela Cyber, the threat actor who operates the forum goes by “Chucky”, “Chuckies”, or “Sqlrip”.
However, they said it was possible that the threat actor’s partners operated those users.
“The actor constantly shares hundreds of new SQL databases of shops and companies worldwide,” Kela Cyber said in September 2022.
“Lately, the actor has started to regularly share collections of different databases.”
To access the databases, forum users must spend “credits” — 10 for the JD Group database and 8 for the Everyshop one.
Credits may be earned on the forum, but users can also buy 100 credits for $20 (R395).
Stated differently — the data is basically being given away for free, or for less than R40 each for those who want to save themselves an hour or two of effort.
MyBroadband asked JD Group for feedback on the issue but did not immediately receive feedback on our queries.