The actor is offering a 25GB database for sale, which they allege was exfiltrated from the company’s “Firebird” omnichannel solution. The provided evidence includes screenshots of successful database access, internal user tables, and system-level access on a host named firebird-auth-api.altruistindia.com. The actor also claims to have persistent (Root) access to the company’s network.
According to the threat actor, the compromised data includes:
-
The complete 25GB database.
-
The full source code for the “Firebird” platform and other solutions.
-
Sensitive client data.
-
Internal user credentials and personal information, including:
-
Usernames
-
Email addresses
-
User roles
-
Last login times
-












