A hacker claims to have breached the Australia-based specialty tea company, Tea Too (T2) and obtained the personal information of more than 85,000 customers.
The threat actor, who uses the online handle “emo” posted on a popular hacking, stating that he pulled off a successful data breach of Tea Too. The data was posted on the forum for free, letting any criminals get their hands on it.
Emo claims the hack was recent, but initial investigations revealed that the information seems to be from 2021 and previous years.
While much of the info is dated, that doesn’t make it less dangerous in the hands of a skilled hacker. Some of the information includes partial payment info, large.XLM files related to older orders, inventory details, customer wishlists, and messages that users left to each other when sending gifts using the platform.
Other forum users have already jumped at the chance to pilfer through the data.
“(It) also contains partial CC data, payment methods, physical addresses and orders. Thanks for this leak!” one user posted.
Also included in the post is a sample of the data, which appears to be an entry for a single Australian customer. The data appear legitimate, as do the other files,” writes cyberdaily.au.
Criminals can use the newly exposed data to craft social engineering schemes designed to steal from T2 users. As such, all T2 users are being encouraged to rotate their passwords and ignore suspicious texts, phone calls, and emails for the next several months.
The post even includes the threat actor brazenly thanking one of his colleagues.
“Credit to doubl for this breach,” they write.
The hacker obtained “emails, names, phone numbers, date of birth, genders, and passwords stored using Scrypt.”
According to emo, the personal data of 85,981 people were revealed.
Journalists with cyberdaily reached out to T2 for an official statement but have yet to get a response.