Our videos have over 5 million views on Youtube! Visit our channel now »
The listings featured on this site are from companies from which this site receives compensation. Read the Advertising Disclosure for more information
Disclosure:
Professional Reviews

vpnMentor contains reviews that are written by our community reviewers, and are based on the reviewers' independent and professional examination of the products/services.

Ownership

vpnMentor is owned by Kape Technologies PLC, which owns the following products: ExpressVPN, CyberGhost, ZenMate, Private Internet Access, and Intego, which may be reviewed on this website.

Affiliate Commissions Advertising

vpnMentor contains reviews that were written by our experts and follow the strict reviewing standards, including ethical standards, that we have adopted. Such standards require that each review will be based on an independent, honest and professional examination of the reviewer. That being said, we may earn a commission when a user completes an action using our links, which will however not affect the review but might affect the rankings. The latter are determined on the basis of customer satisfaction of previous sales and compensation received.

Reviews Guidelines

The reviews published on vpnMentor are written by experts that examine the products according to our strict reviewing standards. Such standards ensure that each review is based on the independent, professional and honest examination of the reviewer, and takes into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings we publish may take into consideration the affiliate commissions we earn for purchases through links on our website.

Over 1 Million Records of Data from Several Israeli Delivery Companies Leaked on Forums

The vpnMentor cybersecurity team recently stumbled upon over 50GB of personal data listed on the clear web. The information belonged to the customers and employees of at least 29 Israeli transportation and forwarding companies, according to the post.

A group of hackers listed the trove of data for sale on two separate online forums on November 26th and 27th, 2022. The exposed data includes people’s contact information and shipment details.

We assume the group potentially breached a single point of failure in a software provider to gain unauthorized access to a supply chain of different logistics companies, exfiltrating a range of personal data and shipping records in the process.This theory would explain the wide range of companies exposed.

According to the posts, visitors could buy a dataset of customer and employee information, taken from one of the leaked companies, for the price of 1BTC (equivalent to around US$17,000 at the time of writing). Interestingly, graphics accompanying each of the hackers’ posts suggested the databases were part of a Black Friday sale.

A graphic referencing Black Friday accompanied the hackers’ postsA graphic referencing Black Friday accompanied the hackers’ posts

The group listed 1.1 million records for sale in total. They only shared a small sample of data in the forum. As such, our researchers could not accurately determine whether each exposed record affects 1 person, or whether more or less than 1.1 million individuals are impacted by this breach. Note that we only analyzed sample files to verify the data in accordance with ethical standards and our data privacy rules.

You can see the posts, featuring lists of the companies affected, in the screenshots below.

The group of hackers also posted screenshots that revealed the type of data exposed in the breach.

Employees’ exposed data included:

  • Full names
  • Addresses*
  • Phone numbers

*We’re uncertain whether exposed employee addresses are home or work addresses.

Customers’ exposed data included:

  • Full names
  • Shipping details (incl. sender’s address, receiver’s address, phone numbers, no. of packages, and more)

You can see evidence of datasets containing customers’ and employees’ information below.

Notably, some Israeli delivery companies suffered cyberattacks in recent days. According to the Israeli government’s cyber bodies, Iranian actors potentially caused these other attacks. However, we don’t know if these other incidents are linked to the data we found online.

Potential Impacts

Criminals could use shipping records to intercept valuable packages, and threaten, trick, or blackmail courier employees into handing them over. Cybercriminals could also use personal details like full names, addresses, and contact information to target people with phishing attacks and scams.

What Should You Do if You Think You’re Affected?

You may want to take some steps to protect yourself if you’ve used one of the compromised logistics services, or you fear that your data has been leaked.

You should ignore any suspicious SMS messages and calls and avoid providing personal information over the phone. Only give out your personal data to a trusted source for a legitimate reason. To avoid falling victim to attacks, educate yourself about phishing attacks, scams, malware, and other forms of cybercrime.

What Are Unethical Hackers Sharing Online and Why Should You Care?

While we’ve grown accustomed to discovering data breaches in Telegram groups and darknet forums, sometimes hackers hide in plain sight. Hackers communicate with one another through the clearnet to share information, organize cyberattacks, and talk about data breaches.

Hackers use anonymous forums and text channels to post about cyberattacks and data breaches, often long before the incidents are publicly known. Our cybersecurity researchers scour these online spaces to find out about the latest data leaks. By reporting on them, we’re able to inform potentially affected parties earlier so that they can act quickly to protect their data.

About the Author

vpnMentor Research Lab is a pro bono service that strives to help the online community defend itself against cyber threats while educating organizations on protecting their users’ data. Our ethical security research team has discovered and disclosed some of the most impactful data breaches in recent years.

Did you like this article? Rate it!
I hated it! I don't really like it It was ok Pretty good! Loved it!
out of 10 - Voted by users
Thank you for your feedback
Comment Comment must be from 5 to 2500 characters long.