Mydeal Suffered a Breach With Attackers Selling Users' Data Online

MyDeal, an Australian online retailer, acknowledged a data breach that affected more than two million of its users. The company informed all impacted consumers of the situation and explained that an unidentified attacker broke into its systems and obtained client identity information. According to BleepingComputer, the threat actor was able to gain the login credentials for the Customer Relationship Management (CRM) platform of MyDeal and exploited it to collect sensitive data from over 2.2 million people. Furthermore, the stolen information included names, email addresses, phone numbers, postal addresses, and, in some cases, birth dates. On the other hand, for a smaller proportion of users (1.2 million), the hackers only obtained email addresses. Moreover, even though there are only a few clues about the offenders, it is evident what they are trying to do with the data - sell it for $600 on a dark web forum. MyDeal estimates that there are presently over one million entries in the database, with an expected increase as the attacker continues to parse it. Additionally, the attackers shared pictures of MyDeal's Confluence servers and the Single Sign-On (SSO) prompt for its account with Amazon Web Services (AWS) to demonstrate the validity of the attack. According to MyDeal, the attackers did not get any passwords, identification document data, or payment information. Nevertheless, it advises users to change their passwords. Besides, even the greatest password managers could not have stopped such an attack.

Aw man, I'm pwned again! Thanks @mydealaustralia ?‍♂️ pic.twitter.com/3PKMJXJJfe

— Troy Hunt (@troyhunt) October 17, 2022

What is MyDeal? MyDeal is an Australian retail portal that aims to link nearby merchants with prospective customers. Woolworths purchased it in September 2022, but the grocery store company asserts that because its systems are on a different platform, they are fully safe from attackers. Meanwhile, although the thieves may not have obtained payment information or passwords, users are advised to be on the lookout for phishing assaults and identity theft.