A threat actor has allegedly put a database containing the information of over four million users of Zeelab Pharmacy up for sale on a dark web forum. Zeelab is one of India’s largest online pharmacy chains, providing medicines and healthcare products to customers across the country. The breach, if confirmed, would represent a significant compromise of sensitive personal data for a large number of Indian citizens who rely on the service for their medical needs.
The seller posted evidence of the breach, including a sample of the data, and is asking for $600, negotiable, with payment accepted in Bitcoin (BTC) or Monero (XMR). The threat actor claims the information was previously leaked but was not widely circulated. The exposure of this data could place millions of customers at significant risk for targeted phishing attacks, identity theft, and other fraudulent activities.
The allegedly compromised database contains a wide range of personally identifiable information (PII). According to the forum post, the leaked data includes the following fields:
- Full Name
- Age
- Gender
- Phone Number
- Email Address
- Full Physical Address (street, landmark, city, state, zip code)
- Geographical coordinates (Longitude, Latitude)
- User ID and account timestamps
