Dark Web News Analysis
The dark web news indicates the alleged sale of a customer database from Ozone.bg, a prominent entertainment and e-commerce company in the region. The breached data purportedly contains over 100,000 rows of customer order information. The compromised fields are highly sensitive, including Personally Identifiable Information (PII) such as full names, physical addresses, phone numbers, email addresses, and specific order details. The asking price for the database is set at a relatively low €350. Notably, the data is described as recent, with a timestamp as late as November 22, 2025, making it fresh and highly actionable for cybercriminals.
Key Cybersecurity Insights
The breach of a major e-commerce retailer carries distinct risks due to the freshness and granularity of the data:
- High “Freshness” Value: The fact that the data is dated November 22, 2025, makes it incredibly dangerous. “Fresh” data has not yet been burned (flagged by spam filters). Attackers can use the recent order details to send highly convincing phishing emails (e.g., “There is an issue with your delivery of [Item Name] ordered on Nov 22”).
- GDPR & Compliance: As a Bulgarian company operating within the EU, Ozone.bg faces significant GDPR liability. A leak of 100,000 customer profiles containing addresses and phone numbers could trigger heavy fines from local Data Protection Authorities if negligence is proven.
- Low Price Point (€350): The low asking price suggests the threat actor prioritizes a quick sale to multiple buyers over exclusivity. This ensures the data will likely be widely distributed among spammers, fraudsters, and Initial Access Brokers very quickly.
- Physical Security Risk: The exposure of physical addresses combined with phone numbers and names can lead to “brushing” scams or more severe forms of harassment and fraud involving package redirection.
Mitigation Strategies
To protect customers and mitigate regulatory fallout, the following strategies are recommended:
- Immediate Investigation: Conduct a forensic investigation to verify the authenticity of the sample data. Determine if the breach originated from a direct database compromise or a third-party logistics partner.
- Customer Notification: If the breach is confirmed, notify affected customers immediately as per GDPR requirements. Transparency is crucial to maintaining trust. Warn them specifically about delivery-related phishing scams.
- Password Resets: Mandate password resets for all Ozone.bg user accounts. Since users often reuse passwords, this prevents the attackers from testing these credentials on other platforms (credential stuffing).
- Enhanced Security Measures: Implement Multi-Factor Authentication (MFA) for user accounts and administrative panels. Encrypt sensitive PII fields in the database to render them useless if exfiltrated in the future.
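The "encrypt sensitive PII fields" recommendation above, shown as an added example that is not code from the post, from Ozone.bg, or from any named vendor. It uses AES-256-GCM from Go's standard library to encrypt only the PII columns of an order row (name, address, phone, e-mail), leaving the order id and item searchable. The table name, order id and column name are bound as associated data, so a ciphertext copied from one row or column cannot be opened as another. The struct, column names and sample row are constructed for the example; in a real deployment the key would come from a KMS or HSM rather than being generated in main.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
)

// CustomerOrder is a constructed row with the field types the post says were
// exposed: names, addresses, phone numbers, e-mail addresses and order details.
type CustomerOrder struct {
	OrderID int
	Name    string
	Address string
	Phone   string
	Email   string
	Item    string // order detail, left in plaintext so it stays queryable
}

// StoredOrder is what actually lands in the database: each PII column holds
// base64(nonce || ciphertext || GCM tag); OrderID and Item are unchanged.
type StoredOrder struct {
	OrderID int
	Name    string
	Address string
	Phone   string
	Email   string
	Item    string
}

// FieldCipher wraps one AES-256-GCM key used for column-level encryption.
type FieldCipher struct{ aead cipher.AEAD }

// NewFieldCipher requires a 32-byte key (AES-256).
func NewFieldCipher(key []byte) (*FieldCipher, error) {
	if len(key) != 32 {
		return nil, errors.New("field cipher needs a 32-byte AES-256 key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &FieldCipher{aead: aead}, nil
}

// aad binds a ciphertext to its table, row and column so it cannot be moved.
func aad(orderID int, column string) []byte {
	return []byte(fmt.Sprintf("orders:%d:%s", orderID, column))
}

// seal encrypts one field with a fresh random nonce prepended to the output.
func (f *FieldCipher) seal(orderID int, column, plaintext string) (string, error) {
	nonce := make([]byte, f.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	ct := f.aead.Seal(nonce, nonce, []byte(plaintext), aad(orderID, column))
	return base64.StdEncoding.EncodeToString(ct), nil
}

// open decrypts one field; it fails on a wrong key, a tampered value, or a
// value copied from a different row or column.
func (f *FieldCipher) open(orderID int, column, stored string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(stored)
	if err != nil {
		return "", err
	}
	ns := f.aead.NonceSize()
	if len(raw) < ns {
		return "", errors.New("stored value shorter than a nonce")
	}
	pt, err := f.aead.Open(nil, raw[:ns], raw[ns:], aad(orderID, column))
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

// EncryptOrder produces the row to store; only PII columns are transformed.
func (f *FieldCipher) EncryptOrder(o CustomerOrder) (StoredOrder, error) {
	s := StoredOrder{OrderID: o.OrderID, Item: o.Item}
	var err error
	if s.Name, err = f.seal(o.OrderID, "name", o.Name); err != nil {
		return StoredOrder{}, err
	}
	if s.Address, err = f.seal(o.OrderID, "address", o.Address); err != nil {
		return StoredOrder{}, err
	}
	if s.Phone, err = f.seal(o.OrderID, "phone", o.Phone); err != nil {
		return StoredOrder{}, err
	}
	if s.Email, err = f.seal(o.OrderID, "email", o.Email); err != nil {
		return StoredOrder{}, err
	}
	return s, nil
}

// DecryptOrder reverses EncryptOrder for an application that holds the key.
func (f *FieldCipher) DecryptOrder(s StoredOrder) (CustomerOrder, error) {
	o := CustomerOrder{OrderID: s.OrderID, Item: s.Item}
	var err error
	if o.Name, err = f.open(s.OrderID, "name", s.Name); err != nil {
		return CustomerOrder{}, err
	}
	if o.Address, err = f.open(s.OrderID, "address", s.Address); err != nil {
		return CustomerOrder{}, err
	}
	if o.Phone, err = f.open(s.OrderID, "phone", s.Phone); err != nil {
		return CustomerOrder{}, err
	}
	if o.Email, err = f.open(s.OrderID, "email", s.Email); err != nil {
		return CustomerOrder{}, err
	}
	return o, nil
}

func main() {
	key := make([]byte, 32) // constructed key; use a KMS/HSM-managed key in production
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	fc, err := NewFieldCipher(key)
	if err != nil {
		panic(err)
	}
	order := CustomerOrder{OrderID: 1001, Name: "Example Customer", Address: "1 Example Street",
		Phone: "+000 000 000", Email: "customer@example.invalid", Item: "Constructed item"}
	stored, err := fc.EncryptOrder(order)
	if err != nil {
		panic(err)
	}
	fmt.Printf("row as a database dump would show it: %+v\n", stored)
	back, err := fc.DecryptOrder(stored)
	if err != nil {
		panic(err)
	}
	fmt.Println("round trip intact:", back == order)
}
```

Because the order id and column name sit in the associated data, an exfiltrated table is ciphertext without the key, and even an insider with write access cannot swap one customer's encrypted address into another row without the decryption failing.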
Secure Your Business with Brinztech — Global Cybersecurity Solutions
Brinztech protects organizations worldwide from evolving cyber threats. Whether you’re a startup or a global enterprise, our expert solutions keep your digital assets safe and your operations running smoothly.
Questions or Feedback?
For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com