Dark Web News Analysis
A threat actor is advertising a large database for sale on a popular hacker forum, claiming it belongs to the “Now Book It” service. The dataset is substantial, purportedly containing over 10 million records with a heavy concentration of users from Australia (+61) and New Zealand (+64). According to the seller’s post, the compromised data includes a comprehensive set of Personally Identifiable Information (PII): full names, mobile phone numbers, unique email addresses, dates of birth, physical addresses, and potentially user passwords. The seller’s inclusion of a password for a sample file strongly suggests that credentials are part of the breached data.
This is a significant data breach with the potential to impact a large percentage of the population in Australia and New Zealand. The combination of both email addresses and mobile phone numbers in a single database is particularly dangerous, as it equips criminals to launch sophisticated, multi-channel attack campaigns. The richness of the PII would allow them to craft highly convincing and personalized scams, moving far beyond generic spam to targeted fraud attempts.
Key Cybersecurity Insights
This alleged data breach presents several immediate and severe threats:
- Massive PII Leak Targeting Australian and New Zealand Citizens: With over 10 million records, this represents a large-scale compromise of personal data. The geographic focus on Australia and New Zealand creates a regional cybersecurity event, placing a substantial number of individuals at risk of fraud and identity theft.
- High Risk of Coordinated Phishing and Smishing Campaigns: The availability of both email addresses and mobile numbers for the same individuals is a goldmine for attackers. They can orchestrate coordinated campaigns, such as sending a fraudulent email and then a follow-up SMS (smishing) to increase the scam’s legitimacy and pressure the victim into taking action.
- Potential for Widespread Account Takeover Attacks: The strong indication that user passwords are included in the database creates a major risk of credential stuffing. Cybercriminals will use automated tools to test the leaked email and password combinations on other websites, hoping to take over more valuable accounts like banking, email, or social media, where users have reused the same password.
Mitigation Strategies
In response to this critical threat, the company and its users must take immediate action:
- Force an Immediate, Service-Wide Password Reset: “Now Book It” must operate under the assumption that all user credentials have been compromised. The most urgent and critical step is to invalidate the stolen passwords by logging out all users and enforcing a mandatory password reset across the entire platform.
- Launch a Clear and Transparent User Notification Campaign: It is essential to promptly and transparently notify all affected users of the breach. The communication must clearly explain the specific risks they face—especially targeted phishing and smishing attacks impersonating the company—and provide simple, actionable guidance on how to protect their information.
- Mandate Multi-Factor Authentication (MFA): To provide long-term protection against account takeovers, the company must implement and mandate Multi-Factor Authentication (MFA) for all user accounts. MFA is the single most effective control to prevent unauthorized access, even when a user’s password is known to an attacker.
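One way to implement the forced reset and global logout from the first mitigation above, as an added example rather than code from Now Book It or Brinztech. `AuthService`, its methods and the in-memory store are hypothetical, and timestamps are passed in explicitly so the behaviour is reproducible:

```python
import hashlib, hmac, os, secrets
from dataclasses import dataclass

def _kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    pw_changed_at: float
    reset_token_hash: bytes = b""

class AuthService:
    """Hypothetical in-memory auth backend; every name here is illustrative."""
    def __init__(self):
        self.accounts = {}
        self.reset_cutoff = 0.0  # sessions and passwords older than this are void

    def register(self, email, password, now):
        salt = os.urandom(16)
        self.accounts[email] = Account(salt, _kdf(password, salt), now)

    def force_global_reset(self, now):
        self.reset_cutoff = now  # one write logs out every user and voids every password

    def session_valid(self, issued_at):
        return issued_at >= self.reset_cutoff

    def login(self, email, password, now):
        acct = self.accounts.get(email)
        if acct is None:
            return "denied"
        if acct.pw_changed_at < self.reset_cutoff:
            return "reset_required"  # stale password is never checked, so leaked pairs cannot be tested
        ok = hmac.compare_digest(acct.pw_hash, _kdf(password, acct.salt))
        return "ok" if ok else "denied"

    def issue_reset_token(self, email):
        token = secrets.token_urlsafe(32)  # assumed to be delivered to the registered email
        self.accounts[email].reset_token_hash = hashlib.sha256(token.encode()).digest()
        return token

    def complete_reset(self, email, token, new_password, now):
        acct = self.accounts[email]
        presented = hashlib.sha256(token.encode()).digest()
        if not acct.reset_token_hash or not hmac.compare_digest(acct.reset_token_hash, presented):
            return False
        if hmac.compare_digest(acct.pw_hash, _kdf(new_password, acct.salt)):
            return False  # refuse to set the breached password again
        acct.salt = os.urandom(16)
        acct.pw_hash = _kdf(new_password, acct.salt)
        acct.pw_changed_at, acct.reset_token_hash = now, b""  # token is single-use
        return True
```

The reset is completed only with the out-of-band token, never with the old password, so possession of a leaked credential gives no path back into the account.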
Secure Your Organization with Brinztech As a cybersecurity provider, we can protect your business from the threats discussed here. Contact us to learn more about our services.
Questions or Feedback? For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com