In a series of alarming posts on a prominent dark web forum, a threat actor has advertised stolen databases from two major Indonesian digital platforms, offering sensitive user data for sale. The breaches, which occurred in September 2024, involve Kreen, a digital event promotion platform, and KMNC, a healthcare management application designed to transform prenatal care.
The threat actor is selling both datasets for $50 per copy, accepting only the cryptocurrency Monero (XMR) as payment. The seller has also offered to use an escrow service, providing additional assurance to potential buyers.
Kreen Breach
The Kreen application is a digital platform facilitating event promotion across various categories. It allows users to access information about events relevant to Indonesians both locally and abroad. According to the breach details shared by the threat actor, the stolen database contains:
- 205,717 event orders
- 86,792 individual orders
- 63,230 user records
According to the seller data also includes identifying information such as names, email addresses, phone numbers, and event order details.
KMNC Breach
KMNC, a healthcare management platform aimed at improving prenatal care, was also compromised in September 2024. The platform, which stores sensitive medical information, had its database breached, containing personal and medical details for 27,180 patients. The leaked data includes:
- Names, national identification numbers (NIK)
- Medical records, phone numbers
- Addresses, birth dates, and more.
According to the post detailed medical records and demographic data, extending to both patients and their family members were allegedly breached.
The threat actor has made both datasets available for purchase and can be contacted through Tox or the dark web forum where the post was initially shared.
