Our dark web researchers from iZOOlogic have recently discovered a new data breach post from a threat actor under the username “NetSecOfficial,” which involved stealing alleged data from Flipkart, an Indian-based e-commerce giant that Walmart also owns.
Based on the post in a cybercriminal forum, the hacker claimed that they hold Flipkart’s data worth about nine million lines, with a CSV file size of 500MB (uncompressed) and 80MB (compressed). This particular post was released on September 23.
The hacker also listed the alleged compromised data from the Flipkart breach, including customers’ full names, phone numbers, addresses, states, and PIN codes.
The authenticity of the threat post about the purported Flipkart data breach is still under verification.
According to our investigations of these initial findings, the authenticity of the threat post is still questionable, bearing in mind that the forum’s mod is still in the middle of verifying its contents. Our experts also consider that the user that posted it could only be baiting for internet karma or posting duplicates of other threat actors’ data; hence we cannot confirm yet if the post was authentic.
In July 2022, a Flipkart-acquired flight booking site in India, Cleartrip, suffered a data breach that compromised customers’ personal information. Although the number of impacted individuals has not been disclosed, the firm advised all its customers to be cautious against potential cyberattack threats.
Additionally, in May last year, Flipkart was also hit with a data breach that exposed some of its users’ information to hackers. In this issue, all Flipkart’s users were required to change their login credentials, especially if they use the same credentials for many websites.
From these previous data breach reports on Flipkart, we presume that threat actors could have obtained the alleged stolen data by exploiting one of the past incidents. Nonetheless, our experts will continue investigating these initial findings until more information is confirmed and the threat actor’s claims are proven true.
Whether or not the findings have been confirmed true, this case should not be treated lightly. All Flipkart users must be more cautious about potential threats from hackers, change their account credentials to a stronger one, monitor any suspicious behaviour in their accounts, and report them to authorities if it ensues.
