A threat actor is allegedly selling sensitive databases belonging to a trio of US-based companies on a popular hacking forum, placing the data of millions of individuals at risk. The origin of the alleged breaches has not been disclosed. The targeted companies span the meal-delivery, custom computer, and transportation industries.
The allegedly compromised companies are:
- CookUnity: A major meal-delivery service with a reported annual revenue of over $500 million.
- Origin PC: A well-known custom PC manufacturer and a subsidiary of the major tech hardware company Corsair, with revenues stated to be over $1.2 billion.
- OurBus: An intercity bus booking service with a reported revenue of more than $24 million.
The seller is offering the vast datasets for prices ranging from $300 to $700 and claims they contain millions of records, including over 99 million for CookUnity alone. The potential exposure from this alleged leak is significant, potentially compromising the personal and financial information of both customers and employees. The data for sale allegedly includes:
- All Customer Information (including full names, emails, phone numbers, and billing addresses)
- Employee Data
- All Orders
- All Stripe Invoices
