A purported threat actor has emerged, advertising the sale of LDLC’s database, a prominent French e-commerce website specializing in computer hardware and consumer electronics. The actor alleges access to approximately 1.5 million user records, comprising personal information such as first and last names, email addresses, phone numbers, physical addresses, and additional details. According to the threat actor’s assertions, the database was compromised and subsequently dumped on February 27, 2024.
With access to user data such as names, emails, phone numbers, and addresses, threat actors can engage in various malicious activities, including identity theft, phishing attacks, spamming, and targeted scams. They may sell the data on the dark web, use it for credential stuffing attacks, or even impersonate individuals for financial gain or to perpetrate further cybercrimes.