Naheed.pk, the popular online shopping site, has just had its data leaked on a hackers’ forum on the dark web. This breached info is now included in LeakBase’s database.
The hackers claim that the database includes up to 23,000 user records and 108 order details including sensitive information such as user id, email, names, addresses, payment details, phone numbers, and more.
Have a look at the screenshot below.
How Did It Happen?
We reached out to Naheed for a comment on the matter and they revealed that one of their developers’ laptops was compromised due to multiple phishing attempts. This allowed the attackers to get hold of “non-critical test data” on one of their staging servers.
Naheed is currently reporting the incident to the relevant law enforcement so they can take action against the attack. The company also assures that no data from their live servers was compromised.
The data breach at Naheed serves as a stark reminder of the importance of data protection and cybersecurity. Online shopping platforms and other businesses that collect personal information must prioritize their customers’ security and take proactive measures to prevent data breaches.
Customers, on the other hand, must also take responsibility for their own security by using strong passwords, monitoring their accounts regularly, and reporting any suspicious activity promptly.
Shopify/WooCommerce is the way forward for security. Stores using Magento etc. on their own servers will have this happen.
I didn’t understand. What are you saying?
Yes, you are right. Using Magento or WooCommerce on your own server is way too risky, as most of the companies in Pakistan don’t have a proper IT dept and they don’t take cyber security seriously.
If the developer’s laptop got compromised, how was the users’ information leaked, as users’ information is usually stored on dedicated backend servers?
Usually developers’ laptops are well patched and they are aware of current cyber threats. So there is something fishy about this article.
The main reasons for breaches are that companies host their websites without any layers of security. Web Application Firewalls and Network Firewalls help in mitigating DDoS and OWASP Top 10 attacks.
It is always a good practice to do a pen test to assess the vulnerability of apps.