A threat actor has allegedly leaked a substantial database belonging to Haha Graby World, a Malaysian-based direct-selling company. The data, which is claimed to contain 200,000 rows of information, was published on a hacking forum. The post is marked as “PART 1,” indicating that this could be the first of multiple releases, potentially exposing even more sensitive information about the company’s customers and agents.
The leaked data appears to be comprehensive, compromising two critical database tables related to company sales and commissions. The files contain a vast amount of personally identifiable information (PII) and financial data. The exposure of such detailed records could lead to significant risks for the individuals involved, including fraud, identity theft, and highly targeted phishing campaigns.
The allegedly leaked data includes:
- Full names, usernames, and contact numbers
- Complete physical addresses, including city, state, and postcode
- Email addresses
- Detailed sales and invoice information
- Buyer and agent identity details
- Commission and bonus payment records
- Internal agent hierarchy, including sponsor and introducer names
