A threat actor has posted on a dark web forum allegedly selling a database belonging to Vurbis Interactive, a technology company based in the Netherlands. Vurbis specializes in providing innovative and flexible solutions for virtual marketplaces, utilizing technologies such as Cloud and AI for partners in marketing and sales. The seller claims the database contains sensitive information belonging to nearly 89,000 users. According to the post, the breach was carried out after the threat actor’s attempts to report security vulnerabilities to the company were allegedly ignored.
The compromised dataset is being sold for $100 and allegedly includes a significant amount of personally identifiable information (PII). The exposure of this data could place affected individuals at risk of phishing campaigns, identity theft, and other fraudulent activities. The threat actor provided a sample of the data, which reportedly contains the following user details:
- Full names
- Email addresses
- Phone numbers
- Physical addresses (city, zip code, country)
- Company names
- Family card numbers
- Passwords (hashed using MD5)
This incident highlights the potential risks associated with customer data held by B2B technology providers. As a firm that creates platforms for other businesses, a breach at Vurbis could have downstream effects on its partners and their end-users. At the time of this report, Vurbis Interactive has not publicly commented on the alleged data breach.
