Dark Web News Analysis
Dark web sources report a potential data privacy incident involving Class.am, a prominent Armenian online classifieds platform. A threat actor is circulating a leaked dataset contained within a .csv file.
While the file reportedly contains 59 rows, suggesting it may be a “proof of concept” sample or a targeted extraction rather than a full dump, the data fields are highly sensitive. The leak includes User IDs, Phone Numbers (Msisdn), Mobile Operator Information, Service Numbers, Dates, and critically, Text Messages. The presence of message logs elevates this from a simple contact list leak to a breach of private communications.
Key Cybersecurity Insights
Breaches of classifieds platforms are “Tier 1” privacy threats because these platforms often hold the negotiation history and private contact details of users:
- The “Smishing” Vector: The exposure of Phone Numbers (Msisdn) combined with Mobile Operator Info allows attackers to craft highly targeted “Smishing” (SMS phishing) campaigns. Attackers can send messages that appear to come from the user’s specific carrier (e.g., Ucom or Viva-MTS) or from Class.am itself, claiming a “listing issue” to steal login credentials.
- SMS Privacy Violation: The inclusion of a “Text” field is the most concerning aspect. If these are SMS logs or platform chat messages, it reveals private negotiations, potentially including price haggling, meeting locations, or unmasked personal contacts shared between buyers and sellers.
- Account Takeover Risk: The User IDs and Phone Numbers can be used to attempt account takeovers. If the platform relies on SMS-based 2FA or password resets, knowing the phone number is an attacker's first step in a SIM-swapping or interception attack workflow.
- Sample vs. Full Breach: Although the current file contains only 59 rows, such leaks often serve as a “teaser” to prove validity before a threat actor sells a larger database privately. Organizations must treat this as a verified breach of the system’s integrity until proven otherwise.
Mitigation Strategies
To protect user privacy and platform trust, the following strategies are recommended:
- Session Invalidation: Class.am should invalidate active sessions for the users identified in the 59 rows and conduct a wider audit to see if unauthorized queries extracted more data.
- User Advisory: Issue a warning to users about the risk of SMS scams. Remind them that Class.am will never ask for their password or credit card details via text message.
- Access Control Audit: Review database logs to determine how the “Text” and “Msisdn” fields were accessed. Was it an API vulnerability (IDOR) or a compromised support account?
- Password Reset: Mandate a password reset for affected users to prevent attackers from using the exposed User IDs to brute-force accounts.
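As an added illustration of the access control audit above (not code from Class.am or Brinztech), the following sketch separates the two hypotheses by counting how many other users' “Msisdn” or “Text” fields each account read. The log layout, column names, role labels and thresholds are assumptions, and the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of a database/API audit log (not data from the incident).
# Column names and role labels are hypothetical.
SAMPLE_LOG = """ts,actor_id,actor_role,target_user_id,fields
2025-01-10T09:00:01Z,1001,user,1001,Msisdn;Text
2025-01-10T09:00:05Z,1002,user,1002,Text
2025-01-10T09:01:10Z,2040,user,3001,Msisdn;Text
2025-01-10T09:01:11Z,2040,user,3002,Msisdn;Text
2025-01-10T09:01:12Z,2040,user,3003,Msisdn;Text
2025-01-10T09:01:13Z,2040,user,3004,Msisdn;Text
2025-01-10T10:15:00Z,9001,support,1001,Msisdn
2025-01-10T10:20:00Z,9002,support,4001,Msisdn;Text
2025-01-10T10:20:02Z,9002,support,4002,Msisdn;Text
2025-01-10T10:20:04Z,9002,support,4003,Msisdn;Text
2025-01-10T10:20:06Z,9002,support,4004,Msisdn;Text
2025-01-10T10:20:08Z,9002,support,4005,Msisdn;Text
"""

SENSITIVE = {"Msisdn", "Text"}


def audit(log_text, user_threshold=3, support_threshold=5):
    """Return {actor_id: (finding, distinct_users)} for suspicious sensitive reads."""
    targets = defaultdict(set)  # actor -> other users whose sensitive fields were read
    roles = {}
    for row in csv.DictReader(io.StringIO(log_text)):
        fields = set(row["fields"].split(";"))
        if not fields & SENSITIVE:
            continue
        roles[row["actor_id"]] = row["actor_role"]
        if row["actor_id"] != row["target_user_id"]:
            targets[row["actor_id"]].add(row["target_user_id"])
    findings = {}
    for actor, seen in targets.items():
        if roles[actor] == "user" and len(seen) >= user_threshold:
            # An ordinary account should only ever read its own records.
            findings[actor] = ("possible-idor", len(seen))
        elif roles[actor] == "support" and len(seen) >= support_threshold:
            # Support access is expected; reading many users' data is not.
            findings[actor] = ("support-bulk-access", len(seen))
    return findings


if __name__ == "__main__":
    for actor, (kind, count) in audit(SAMPLE_LOG).items():
        print(actor, kind, count)
```

Accounts flagged as `possible-idor` point toward a missing ownership check in the API, while `support-bulk-access` points toward a support account that should be reviewed for compromise.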
Questions or Feedback?
For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com