Threat Actor Allegedly Offers Database and Source Code of Egypt-Based Lucky App for Sale

Reports emerge of a concerning development as a threat actor alleges to be offering for sale the database and source code of Lucky, a prominent app for credit products, renowned for its offerings and cashback services in Egypt. Developed by Dsquares, Lucky boasts over 5 million installs across various platforms, establishing itself as a leading player in the realm of credit products and loyalty rewards.

The purported sale includes the database of the Lucky app, housing information for 650,000 users, along with the backend source code for Couponz and Loyalty360, built on .NET technology. The database, sized at 1.2GB, is being marketed to potential buyers, with the threat actor offering to share proofs or samples of the source code upon request from serious buyers. Notably, sample data from the LuckyUser and AdminUser tables has been disclosed, providing insights into the structure and contents of the compromised data. The revelation raises significant concerns regarding the security and privacy of Lucky app users and underscores the persistent threat posed by cybercriminals in the digital landscape.

LuckyUser Table Columns:

– Id
– Email
– EmailConfirmed
– PasswordHash
– SecurityStamp
– PhoneNumber
– PhoneNumberConfirmed
– TwoFactorEnabled
– LockoutEndDateUtc
– LockoutEnabled
– AccessFailedCount
– UserName
– FullName
– ReferralCode
– Birthdate
– ProfilePicName
– RegistrationOtp
– RegistrationOtpCreatedDateTime
– IsActive
– ProfilePicPath
– GenderId
– AccountTypeId
– TempUnconfirmedEmail
– TempUnconfirmedPhoneNumber
– CreatedDate
– ResetPasswordOtp
– ResetPasswordOtpCreatedDateTime
– LoginOtp
– LoginOtpCreatedDateTime
– FailedCount
– LastLoginDate
– LastFailedLoginDate
– SendingOtpSmsBlockedtill
– IsMailVerified
– SocialId
– IsMerged
– IsDeleted
– BaseLineDate
– CashOutEmailVerificationOtp
– CashOutMobileVerificationOtp
– CashOutMobileVerificationOtpCreatedDateTime
– CashOutMobileVerificationTrialsCount