Dark Web News Analysis
A threat actor on a known cybercrime forum is claiming to sell a database that they allege was stolen from Universal Traveller, a Malaysian e-commerce company. According to the seller’s post, the database contains sensitive user information, including Personally Identifiable Information (PII) such as names, email addresses, and dates of birth, as well as, critically, user password hashes.
This claim, if true, represents a significant data breach that places Universal Traveller’s customers at immediate risk. The alleged exposure of password hashes is a serious security event even though the passwords were not stored in plaintext. Criminals can use powerful tools to crack weaker passwords, enabling them to take over user accounts on the Universal Traveller platform. More significantly, the email and password combinations will be used in large-scale “credential stuffing” attacks against other websites, threatening any account where a user has reused their password.
Key Cybersecurity Insights
This alleged data breach presents a critical threat to the company’s customers:
- High Risk of Widespread Credential Stuffing Attacks: The most severe and widespread threat from a breach of this nature is credential stuffing. Malicious actors will take the list of emails and cracked passwords and use automated tools to try them on other, more valuable online services like banking, email, and social media, hoping to find accounts with reused passwords.
- Enables Targeted Phishing and Identity Theft: The combination of names, email addresses, and dates of birth provides criminals with a powerful toolkit for crafting convincing phishing campaigns. These can be localized and targeted specifically at the Malaysian customer base to trick them into revealing more sensitive information.
- Direct Threat of E-commerce Account Takeover: If the password hashes are from a weak algorithm or if users have simple, easily guessable passwords, attackers may be able to crack them. This would allow them to log in directly to customer accounts on Universal Traveller to access saved payment information, make fraudulent purchases, or steal more personal data.
Mitigation Strategies
In response to this claim, Universal Traveller and its customers must take immediate and decisive action:
- Immediate Credential Invalidation and MFA Enforcement: Universal Traveller must operate under the assumption that the claim is credible. The company should immediately invalidate all user passwords, forcing a mandatory reset for every customer. It is also essential to implement Multi-Factor Authentication (MFA) to secure customer accounts from takeover.
- Activate Incident Response and Verify the Claim: The company must launch a full-scale forensic investigation to determine if a breach occurred, what data was exfiltrated, and how the attackers gained access. This is a critical step to contain the threat and remediate the vulnerability.
- Proactive Customer Notification and Awareness: Universal Traveller should proactively alert its user base to the potential breach. Users must be warned about the risk of targeted phishing scams and, most importantly, be strongly advised to change their password on any other website where they may have reused their Universal Traveller password.
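Detection logic for the credential-stuffing pattern described above, as an added example that is not part of the original post. The log format, thresholds, and IP addresses are constructed assumptions; a real deployment would read the platform's own authentication logs and tune the thresholds to its normal traffic.

```python
"""Flag credential-stuffing sources in authentication logs (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: timestamp, source IP, account, outcome.
# 203.0.113.7 behaves like a stuffing tool: one source, many distinct accounts,
# mostly failures.  198.51.100.20 is one user retrying a single account.
SAMPLE_LOG = """\
2024-06-01T10:00:01Z 203.0.113.7 alice@example.com FAIL
2024-06-01T10:00:02Z 203.0.113.7 bob@example.com FAIL
2024-06-01T10:00:03Z 203.0.113.7 carol@example.com SUCCESS
2024-06-01T10:00:04Z 203.0.113.7 dave@example.com FAIL
2024-06-01T10:00:05Z 203.0.113.7 erin@example.com FAIL
2024-06-01T10:00:06Z 203.0.113.7 frank@example.com FAIL
2024-06-01T10:05:00Z 198.51.100.20 alice@example.com FAIL
2024-06-01T10:05:10Z 198.51.100.20 alice@example.com FAIL
2024-06-01T10:05:20Z 198.51.100.20 alice@example.com SUCCESS
"""


def parse_line(line):
    """Parse one constructed log line into (timestamp, ip, account, success)."""
    ts, ip, account, outcome = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, account, outcome == "SUCCESS"


def detect_stuffing(log_text, window=timedelta(minutes=10),
                    min_accounts=5, max_success_ratio=0.5):
    """Return {ip: stats} for sources that try many distinct accounts in one window.

    Stuffing differs from a single user mistyping a password: the same source
    cycles through many accounts, and most attempts fail.  Accounts where the
    flagged source succeeded are returned so they can be invalidated first.
    """
    per_ip = defaultdict(list)
    for ts, ip, account, ok in sorted(parse_line(l) for l in log_text.splitlines() if l.strip()):
        per_ip[ip].append((ts, account, ok))
    alerts = {}
    for ip, events in per_ip.items():
        start = 0  # sliding window over this source's time-ordered events
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            win = events[start:end + 1]
            accounts = {a for _, a, _ in win}
            successes = sorted({a for _, a, ok in win if ok})
            if len(accounts) >= min_accounts and len(successes) / len(win) <= max_success_ratio:
                alerts[ip] = {"accounts": len(accounts), "attempts": len(win),
                              "succeeded": successes}
    return alerts


if __name__ == "__main__":
    for ip, stats in detect_stuffing(SAMPLE_LOG).items():
        print(f"ALERT {ip}: {stats}")
```

Accounts listed under "succeeded" are the ones most likely already reused from the leaked dataset and are the first candidates for a forced password reset and MFA enrolment.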
Secure Your Organization with Brinztech
As a cybersecurity provider, we can protect your business from the threats discussed here. Contact us to learn more about our services.
Questions or Feedback?
For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com