Threat Actor: Unknown | Unknown
Victim: Various E-commerce Stores | Various E-commerce Stores
Price: $100 – $3,005
Exfiltrated Data Type: User accounts and transaction data
Key Points :
- The threat actor is auctioning access to multiple e-commerce websites running on Magento 2.
- Targeted regions include Kuwait, Slovenia, and England, with varying user bases and transaction volumes.
- Access to a Kuwait-based electronics store with 77,817 registered users is starting at $500, with a blitz price of $1,000.
- A Slovenian perfumery store with 1,966 users has a starting bid of $100 and a blitz price of $3,005.
- An English bicycle and scooter shop with 225 users starts at $250, with an immediate buy option at $500.
- All auctions are set to conclude in 48 hours, requiring buyers to provide a deposit and cover guarantor costs.
Allegations have emerged on a dark web forum where a threat actor is reportedly auctioning access to several e-commerce websites running on Magento 2.
According to the posts, the threat actor is allegedly targeting online stores from various regions, including Kuwait, Slovenia, and England, with varying levels of users and transaction volumes.
One of the listings claims access to a Kuwait-based electronics store. The store is said to have 77,817 registered users, with orders for the past three months listed as 403 for September, 508 for August, and 419 for July. The bidding for access allegedly starts at $500, with a “blitz” price of $1,000, implying an immediate sale if met. The auction is set to conclude in 48 hours, with additional costs, such as a guarantor, falling on the buyer.
A second listing reportedly offers access to a Slovenian perfumery store, accepting multiple payment methods, including Visa, Mastercard, PayPal, and bank transfers. This store allegedly has 1,966 users, with orders amounting to 121 in September, 73 in August, and 88 in July. The starting bid for this site is set at $100, with increments of $50, and a “blitz” price of $3,005.
The third listing allegedly involves a bicycle and scooter shop in England, with 225 users and consistent order numbers across the past three months: 240 in September, 248 in August, and 233 in July. The auction for this access starts at $250, with the option to buy immediately at $500.
The dark web posts detail that the auctions will run for 48 hours, with buyers needing to provide a deposit and cover the cost of a guarantor.
The post Threat Actor Claims to Sell Access to E-commerce Sites appeared first on Daily Dark Web.