A threat actor has announced the sale of a database allegedly belonging to Hey You (heyyou.com.au), a popular Australian application that allows users to order food and drinks from various cafes and fast food outlets across the country.
The claimed database contains 202,488 records, including full names, emails, phone numbers, addresses, usernames, and passwords.
The detailed information provided by the threat actor includes customer data columns such as customer ID, user ID, first and last names, mobile numbers, email addresses, available and actual balances, free transactions, referred by information, date of birth, payment methods, images, anonymous status, plan ID, beacon settings, referrer codes, verified status, IP addresses, user agents, geocode addresses, and Google opt-in status.
User data columns include user ID, email, password, ECI ID, registration timestamp, status, addresses, suburb, postcode, state, country, push token, Facebook ID, Google ID, Apple ID, PayPal ID, country ID, country region ID, currency ID, and password reset tokens.
The threat actor has provided this information to demonstrate the extent of the data breach and to attract potential buyers. The sale of such data poses significant risks to the privacy and security of the affected users.