Allegedly, a threat actor has put up for sale an exploit that provides customer information from purchases made by 100+ companies (such as Apple, Hp, Huawei, Samsung, Lenovo, Dell, and many others popular companies). The data includes billing and shipping addresses, serial numbers, company names, account numbers, phone numbers, tracking numbers (all order and account information).
They claims having created a bot to download results daily for the past year, accessing between 500 to 5000 orders within the last 12 hours. The package for sale includes the downloaded data, the exploit used, and the Python bot created. However, they haven’t sold such items before and are unsure of pricing. Initially, they’re asking for $14,500, but negotiations are welcome.
Additionally, they’re asking for an extra $3,000 to demonstrate the bug used to download the order receipts.