Over 1 Million Records of Data from Several Israeli Delivery Companies Leaked on Forums

The vpnMentor cybersecurity team recently stumbled upon over 50GB of personal data listed on the clear web. The information belonged to the customers and employees of at least 29 Israeli transportation and forwarding companies, according to the post.

A group of hackers listed the trove of data for sale on two separate online forums on November 26th and 27th, 2022. The exposed data includes people’s contact information and shipment details.

We assume the group potentially breached a single point of failure in a software provider to gain unauthorized access to a supply chain of different logistics companies, exfiltrating a range of personal data and shipping records in the process.This theory would explain the wide range of companies exposed.

According to the posts, visitors could buy a dataset of customer and employee information, taken from one of the leaked companies, for the price of 1BTC (equivalent to around US$17,000 at the time of writing). Interestingly, graphics accompanying each of the hackers’ posts suggested the databases were part of a Black Friday sale.

A graphic referencing Black Friday accompanied the hackers’ posts

The group listed 1.1 million records for sale in total. They only shared a small sample of data in the forum. As such, our researchers could not accurately determine whether each exposed record affects 1 person, or whether more or less than 1.1 million individuals are impacted by this breach. Note that we only analyzed sample files to verify the data in accordance with ethical standards and our data privacy rules.

You can see the posts, featuring lists of the companies affected, in the screenshots below.

The group of hackers also posted screenshots that revealed the type of data exposed in the breach.

Employees’ exposed data included:

• Full names
• Addresses*
• Phone numbers

*We’re uncertain whether exposed employee addresses are home or work addresses.

Customers’ exposed data included:

• Full names
• Shipping details (incl. sender’s address, receiver’s address, phone numbers, no. of packages, and more)

You can see evidence of datasets containing customers’ and employees’ information below.

Notably, some Israeli delivery companies suffered cyberattacks in recent days. According to the Israeli government’s cyber bodies, Iranian actors potentially caused these other attacks. However, we don’t know if these other incidents are linked to the data we found online.

Potential Impacts

Criminals could use shipping records to intercept valuable packages, and threaten, trick, or blackmail courier employees into handing them over. Cybercriminals could also use personal details like full names, addresses, and contact information to target people with phishing attacks and scams.

What Should You Do if You Think You’re Affected?

You may want to take some steps to protect yourself if you’ve used one of the compromised logistics services, or you fear that your data has been leaked.

You should ignore any suspicious SMS messages and calls and avoid providing personal information over the phone. Only give out your personal data to a trusted source for a legitimate reason. To avoid falling victim to attacks, educate yourself about phishing attacks, scams, malware, and other forms of cybercrime.

What Are Unethical Hackers Sharing Online and Why Should You Care?

Although data breaches in Telegram groups and darknet forums have become familiar occurrences, it's worth noting that hackers also operate in plain sight. Communicating through the clearnet, they exchange information, coordinate cyberattacks, and discuss data breaches.

Hackers use anonymous forums and text channels to post about cyberattacks and data breaches, often long before the incidents are publicly known. Our cybersecurity researchers scour these online spaces to find out about the latest data leaks. By reporting on them, we’re able to inform potentially affected parties earlier so that they can act quickly to protect their data.