Cybercriminals have successfully stolen from "the largest Asian and Hispanic grocery store in North America."
Weee! recently announced it experienced a data breach that impacted some customer information, leaking millions of personal information in the process.
The company is currently investigating the incident to better shore up its online security and deliver on the trust its community places in it.
Weee! Data Breach Details
Weee! mentioned in its announcement that the data breach it suffered impacted some customer information, though it can confirm that the breach exposed no customer payment data to the cybercriminals as the company does not retain any customer payment information in its databases.
The company added that the leaked data including the names, addresses, email addresses, phone numbers, order numbers, order comments, and even the devices of customers who placed an order between July 12, 2021, and July 12, 2022, have been exposed due to the data breach.
Although Weee! did not mention how many people were affected by the data breach, Bleeping Computer, citing a report from Troy Hunt of the Have I Been Pwned data breach notification service, stated in its article that the leaked data only included 1.1 million unique email addresses.
Simply put, 1.1 million people are now at risk of being targets of cybercrime or flat-out criminal activity. The cybercriminal in question, a person who goes by the online name IntelBroker, began leaking the data for Weee! on a hacking and data breach forum called Breached.
IntelBroker mentioned in the forum post he made that hackers successfully stole a database of 11 million customers, not 1.1 million, belonging to the Sayweee website.
Cybernews' research team confirmed that the leaked data appeared to be composed of data that the company mentioned, which didn't appear in previous leaks. Some of the leaked logs included delivery notes that customers left for couriers, such as codes to enter residential or office buildings.
A spokesperson for the company said that it had notified all customers of the issue and will be notifying all impacted customers individually if the cybercriminal exposed their information.
Weee! is investigating the data breach and is undertaking a thorough review to ensure it continues to deliver on the trust its community placed in it as of press time.
How Would Cybercriminals Use The Data?
Since the leak is confirmed to have customers' names, addresses, phone numbers, email addresses, and even what kind of phone they're using, Weee! customers are more likely to be the target of fraud, spear phishing attempts, tracking, and even unwanted contact at their homes, per Heimdal Security.
Additionally, their exposed phone numbers could be exploited for phishing, fraud, impersonation, and marketing. Some cybercriminals could even conduct identity fraud using the leaked data.
To avoid being a victim of phishing campaigns, affected people must activate two-step verification and look for their tell-tale signs.
Additionally, people must beware of strangers calling them to give them access to their accounts as this may be a social engineering attack designed to pressure them into giving in to the caller, who is a hacker.