A threat actor operating under the alias “JumboJet” has allegedly breached the Indian business automation platform Basiq360, claiming to have exfiltrated a massive database containing sensitive sales, distributor, and payment information. The allegations surfaced on a dark web forum, where the individual posted details of what is purported to be over 3.5 million rows of data extracted from the platform.
According to the post, the alleged breach targeted Basiq360, a cloud-based sales and logistics tool developed by Abacus Desk IT Solutions, a Faridabad-based technology company specializing in QR-code sales tracking, inventory management, and anti-counterfeit solutions. The actor claims that the stolen database, approximately 600 MiB in size, consists of 183 tables, including detailed records of distributor networks, product pricing, order logs, and potentially sensitive payment transactions.
Among the most notable allegedly exposed data sets are:
- Customer & Product Mappings: ~434,000 rows
- Distributor Segments: ~323,000 rows
- Regional Product Pricing: ~280,000 rows
- Delivery Logs with Addresses: ~217,000 rows
- Payment Records: ~135,000 rows (potentially medical or customer payments)
- Real-time Push Notifications: ~110,000 rows
The individual behind the alleged breach describes the database as a “goldmine” for various forms of cyber exploitation, including fraud, phishing, and supply chain manipulation. The threat actor is reportedly offering the data for sale, with payments being requested in cryptocurrency.
