In a recent post on a dark web forum, a threat actor has claimed responsibility for breaching the database of Toaping, a South Korean education company. The alleged breach was published by a threat actor under the moniker EnergyWeaponUser.
The alleged breach reportedly involves 173,000 lines of data, along with a partner list containing 13,000 entries. According to the post, the data was obtained earlier this month and is now being offered for sale.
The allegedly compromised data is said to include a wide range of sensitive information, such as lecture codes, types, and times, as well as personal details like names, emails, and billing information. The database also appears to contain details on study progress, work days, and test scores, potentially exposing thousands of individuals to identity theft and other cyber threats.
In addition to the primary database, the partner list includes critical information about the company’s affiliates. This list reportedly contains partner IDs, passwords, business registration numbers, contact details, and other financial information. The headers for the partner list suggest that a wide array of business-related data has been compromised, including banking information, commission details, and promotional records.
The threat actors have invited interested parties to purchase the stolen database by contacting via the forum or via XMPP.
