Popular South African online store hit by data breach
Hacking group Kill Security (KillSec) has claimed to have breached South African e-commerce retailer OneDayOnly, extracting private contact information, account contact details, and payment methods from the online store.
The post on KillSec’s dark web site announcing the breach circulated on Twitter/X, with the group planning to publish the stolen data within a week.
They are reportedly demanding that OneDayOnly pay a $100,000 (R1,777,695) ransom by Tuesday, 3 September 2024, to prevent the data from being posted online.
OneDayOnly confirmed to MyBroadband that it experienced a security incident relating to certain information on a cloud storage folder.
“We are currently conducting an investigation and will be liaising with the relevant authorities and affected data subjects,” it said.
However, it emphasised that no customer data was involved.
“We can confirm that no personal customer data or financial information is involved,” said OneDayOnly.
“Sensitive data pertaining to our customers is hosted by a separate cloud provider that is not impacted in this incident,” it added.
“Furthermore, we can emphatically state that we do not hold credit card information and such information is held by our payment partners.”
Based on the sample data KillSec published, the group downloaded a cache of OneDayOnly’s supplier take-on forms.
KillSec is a relatively new villain in the cybersecurity space.
According to Ransomlook.io, its first claimed breaches occurred in March 2024, and it has allegedly breached a total of 22 victims.
The Russian ransomware group has targeted various industries and countries, with alleged victims in government, banking and finance, sports and gaming, defence, and manufacturing sectors.
According to Halcyon, KillSec uses various communication channels, including Telegram, Session Messenger, and Tox. It demands its payments in Monero cryptocurrency.
South Africa is becoming an increasingly attractive target for cybercriminals, and OneDayOnly is not the first local online retailer to have been breached in recent years.
In June 2023, Incredible and Hi-Fi Corp owner JD Group confirmed that it had suffered a data breach that exposed the personal information of more than 500,000 of its customers.
Impacted stores included Bradlows, Everyshop, HiFi Corp, Incredible, Rochester, Russells, and Sleepmasters.
JD Group CEO Peter Griffiths said exposed information included names, contact details, and ID numbers, adding that the company had taken immediate action to investigate and mitigate the breach’s impact.
“The entire extent of the incident has already been assessed, and our dedicated team has been working on identifying affected data subjects and providing prompt communication,” he said.
“We will also cooperate with regulatory authorities and implement enhanced security measures to mitigate such incidents in the future.”
He added that no banking or financial information had been compromised.
Griffiths’ statement came a few days after a user with the alias “Chucky” published what they claimed to be records of 500,000 JD Group and 67,000 Everyshop customers on a public hacker forum.
They included samples in each post that showed some names and surnames, email addresses, home addresses, ID numbers, and, in some cases, phone numbers.
Ransomware a big threat to South African businesses
According to Orange Cyberdefense head of security Charl van der Walt, Business Email Compromise and ransomware are among the biggest cyberthreats to businesses in South Africa.
“South African businesses are technically indistinguishable from other businesses worldwide, so the technical threats and the vulnerabilities that lead to them are very similar,” he said.
These include phishing, unpatched vulnerabilities, and credential stuffing through leaked, weak, or cracked passwords.
“Using these access vectors, two major global cybercrimes impact South African businesses also, namely Business Email Compromise (BEC) and ransomware,” said Van der Walt.
“Both of these crimes have the double advantage of being technically simple to perpetrate and offering criminals direct access to money without having to perform other complex tasks.”
He added that South African businesses also faced the unique challenge of malicious actors deployed within their companies to commit fraud.
“Payment fraud, which involves unauthorised access to someone’s online account to make fraudulent transactions, is a common example of this,” Van der Walt said.