A threat actor has allegedly put the full administrative system and customer database of EupFin, a B2B fleet and GPS logistics platform based in Vietnam, up for sale on a cybercrime forum. EupFin is a key player in the country’s logistics industry, providing fleet management and GPS tracking solutions to a wide range of enterprise clients. The alleged breach is particularly severe as the seller is not just offering a static database but full, live access to the company’s internal administration panel.
The threat actor claims the dataset contains over 87,000 customer and enterprise records, which were allegedly pulled directly from the company’s production environment. The access being sold would reportedly grant a malicious actor complete control, including the ability to edit or delete records, track vehicles in real-time, and manage fleet coordination. The sensitive information allegedly for sale includes:
- Full Names, Phone Numbers, and Company Names
- Contact Person(s)
- Service Logs
- Order and Contract History
- GPS Tracker Metadata (Live feeds, distance, etc.)
- Payment and Invoice Details
- VIN/Serial linkage per device
This incident poses a significant threat not only to EupFin’s operations but also to the security and privacy of its numerous clients. The exposure of such detailed logistical and financial information could lead to targeted fraud, corporate espionage, and major disruptions to supply chain operations.
