A threat actor has allegedly put a vast trove of data belonging to Binghatti, a major real estate development company headquartered in Dubai, United Arab Emirates, up for sale on a hacking forum. Binghatti is a prominent player in the UAE’s property market, known for its extensive portfolio of residential and commercial projects. The alleged breach exposes the sensitive personal and financial information of its international clientele, raising significant concerns about privacy and security.
The seller claims the data was exfiltrated from a sales manager’s account and includes a wide array of highly confidential information. To substantiate their claims, the threat actor shared several sample files, including screenshots of reservation agreements, customer passports, bank transfer confirmations, and property floor plans. The post on the forum advertises the following types of data for sale:
- Customer Personal Information: Including full names, email addresses, mobile numbers, nationalities, and residency status.
- Official Documents: Scans of customer passports and Emirates ID cards.
- Sales and Property Details: Full sales orders with information such as unit numbers, project names, property prices, discounts, and payment plans.
- Financial Information: Bank transaction files and payment advice documents detailing customer payments.
- Signed Agreements: Complete reservation agreements containing purchaser details, property specifics, and signatures.
The dataset, which reportedly includes a file with over 350 customer records and hundreds of individual document files, poses a severe risk to the individuals affected. The threat actor explicitly highlighted the data’s potential use for malicious activities, including investment fraud and other scams. The exposure of such detailed personal and financial data could lead to targeted financial fraud, identity theft, and sophisticated phishing campaigns against Binghatti’s customers.
