Dark Web News Analysis
Dark web reporting describes a significant data incident involving Honey, the popular browser extension (owned by PayPal) that aggregates online coupons. A threat actor on a hacker forum is selling a scraped dataset containing information from over 180,000 online stores.
The compromised data is highly specific to the e-commerce ecosystem. It includes Coupon Codes—specifically noting “private” types such as Employee, Friends & Family, Law Enforcement, and Test Codes. Additionally, the leak exposes Store Details (IDs, URLs), Shopper Activity Metrics (traffic volume over 24h/30d), and Savings Data. This dataset effectively maps the discount strategies and traffic flows of thousands of merchants.
Key Cybersecurity Insights
Breaches of aggregator platforms are “Tier 1” retail threats because they expose the internal promotional logic of merchants to mass abuse:
- Promo Code Hemorrhage: The exposure of Private Codes is the primary financial risk. Codes intended for employees (often 50-70% off) or “Test” environments (often 100% off) are now public. Bots can automate the application of these codes across thousands of carts, causing massive revenue loss before merchants can revoke them.
- Competitive Intelligence: The leak of Shopper Activity Metrics (e.g., “Shoppers 24h”) allows competitors to spy on a store’s performance. They can see exactly which stores are trending and how much in savings is being applied, effectively stealing confidential market data.
- Merchant Phishing: With precise Store IDs and URLs, attackers can launch targeted phishing campaigns against the store owners. Emails claiming “Honey Partner Alert: Issue with Store ID #12345” will look legitimate, tricking merchants into clicking malicious links that compromise their admin panels.
- Staging Environment Risk: The presence of “Test Codes” often points to Staging or Dev Environments. If these codes work on the live site due to misconfiguration, it reveals a lack of segregation between development and production, a common vulnerability in e-commerce.
Mitigation Strategies
To protect revenue and store integrity, the following strategies are recommended:
- Coupon Audit: Merchants should immediately audit all active coupon codes. Revoke any “Employee,” “Test,” or “Legacy” codes that are no longer needed or were intended for a limited audience.
- Rate Limiting: Implement strict rate limits on coupon redemption. If a single IP address attempts 50 different codes in a minute (credential stuffing for coupons), block it.
- Merchant Phishing Awareness: Store owners should be skeptical of any urgent communications claiming to be from Honey or PayPal Partner Support, especially those asking for login credentials.
- Code Complexity: Move away from generic codes like EMPLOYEE50. Use unique, single-use generated strings for high-value discounts to prevent mass leakage.
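One way to implement the rate-limiting rule above, as an added example (not code from Brinztech, Honey or any merchant platform): a sliding-window limiter that counts distinct codes per IP, so a shopper retyping one code is not penalised while a bot cycling through codes is. The class and function names, the 15-minute block duration and the sample traffic are assumptions; the threshold of 50 codes in a minute is the one given in the text.

```python
import time
from collections import defaultdict, deque


class CouponAttemptLimiter:
    """Block a client IP that tries too many *distinct* coupon codes in a window."""

    def __init__(self, max_distinct=50, window_s=60.0, block_s=900.0):
        self.max_distinct = max_distinct   # threshold from the text: 50 codes
        self.window_s = window_s           # ... within one minute
        self.block_s = block_s             # assumed block duration (15 min)
        self._attempts = defaultdict(deque)  # ip -> deque of (timestamp, code)
        self._blocked_until = {}             # ip -> time the block expires

    def allow(self, ip, code, now=None):
        """Record one redemption attempt; return False if it must be rejected."""
        now = time.monotonic() if now is None else now
        if self._blocked_until.get(ip, 0.0) > now:
            return False
        attempts = self._attempts[ip]
        # Normalise so retyping the same code in another case is not "new".
        attempts.append((now, code.strip().upper()))
        # Drop attempts that have aged out of the sliding window.
        while attempts and attempts[0][0] <= now - self.window_s:
            attempts.popleft()
        if len({c for _, c in attempts}) >= self.max_distinct:
            self._blocked_until[ip] = now + self.block_s
            attempts.clear()
            return False
        return True


def replay(events, limiter=None):
    """Run (timestamp, ip, code) events through a limiter; return rejected IPs."""
    limiter = limiter or CouponAttemptLimiter()
    return {ip for ts, ip, code in events if not limiter.allow(ip, code, now=ts)}


# Constructed sample traffic (documentation IP ranges, made-up codes).
SAMPLE_EVENTS = (
    # A shopper retyping one code: many attempts, one distinct code.
    [(t, "198.51.100.20", "welcome10") for t in range(0, 60, 3)]
    # A bot cycling through 60 different codes at one per second.
    + [(t, "203.0.113.7", f"GUESS{t:03d}") for t in range(60)]
)

if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS))
```

The state here lives in one process; a store served by several web workers would need to keep these counters in a shared store so the limit applies across all of them.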
Questions or Feedback?
For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com