A threat actor allegedly compromised the LuluMarket database and is sharing it on a dark web forum. The threat actor states that the breach is new and happened in July 2024.
According to the post, the threat actor has the full database including millions of users and orders. The threat actor is planning to release part of it at a later date.
The post indicates that the compromised data contains cellular numbers and email addresses. No contact information or price is indicated. The threat actor also included a sample from the allegedly compromised data.