Database Snafu Leaks 600K Records from Marketplace

An online marketplace on which users trade discounted online accounts, license keys, and malware has suffered a data leak exposing hundreds of thousands of sensitive records.

Security researcher Jeremiah Fowler found 600,000 “customer support attachments” related to the website Z2U, which included images of individuals holding credit cards, passports, and other ID documents.

Also exposed in the non-password-protected database were: payment transactions including IBAN numbers; user account logins, emails, and passwords; and order confirmations showing the buyer’s name, email, and details of their purchase.

Additionally, Fowler was able to access screenshots of the customer support dashboard, communications, purchase histories, account credits, and refund requests.

Fowler said the platform is based in China, as was the server hosting the database in question. Z2U also has an English-language site and a 4.5 rating on Trustpilot.

It claims to be a “world-leading digital marketplace trading platform” for gamers, dedicated to buying and selling in-game items.

However, Fowler’s research appeared to reveal a wide range of dubious trading activity outside the gaming world, including the sale of social media, streaming, and even Amazon accounts.

“This bypasses the validation processes that many social media companies put in place to prevent malicious or fraudulent activity on their platforms. The Amazon customer (buyer) and merchant (seller) accounts sold on Z2U also pose a risk of fraud.”

“Sharing or selling accounts raises many ethical and security concerns. I saw documents indicating users on Z2U were selling HBO MAX and Netflix Premium accounts for as little as $1, and Disney+ three-month subscriptions for $5. For reference, Disney+ costs $109.99 per year, while sellers on Z2U offer access for as low as $17 per year. In the UK it is against the law for users to share their passwords for services such as Netflix, Amazon Prime Video, and Disney+.”

Fowler also claimed to see Windows license keys for sale “at a fraction of the real price” and sellers “offering viruses, malware or other malicious applications.”

For Further Reference

https://www.infosecurity-magazine.com/news/database-snafu-leaks-600k-records/
