MyDeal Hacked – Over 2.2M Users Data Advertised For Sell on a Hacker Forum

In Cybersecurity News - Original News Source is by Blog Writer

Post Sharing
MyDeal, a subsidiary of the Woolworths Group disclosed a data breach that impacted more than 2.2 million customers. Reports say the hacker was attempting to sell the stolen data on a hacker forum.

In September 2020, 80% of MyDeal were acquired by Woolworths, nevertheless Woolworths was not impacted by the security breach.

“A compromised user credential was used to gain unauthorised access to its Customer Relationship Management system resulting in unauthorised access to some customer data within our network”, according to the data breach notification published by the company.

The hackers gained access to the MyDeal Customer Relationship Management (CRM) system by exploiting a user’s compromised credentials. That is the system they use to take customer support calls.

MyDeal data for sale on a hacking forum
The hacker also shared screenshots of what they claim are the company’s Confluence server and a single-sign-on prompt for the company’s AWS account. Further, the hacker released samples of the stolen data, exposing the personal information of 286 alleged MyDeal customers.

As soon as the company was aware of the breach they blocked the access to all affected systems. The company notified all relevant authorities and ensure to assist with their inquiries into the matter.