Dark Web News Analysis
The dark web news reports a significant data privacy and logistics incident involving Inter Rapidisimo, one of Colombia’s largest cargo and courier companies. A threat actor on a hacker forum is circulating a database allegedly containing the sensitive information of 661,126 customers.
The compromised dataset goes well beyond basic customer records. Beyond standard Personally Identifiable Information (PII) such as Names, Addresses, Phone Numbers, and User IDs, the leak reportedly contains critical authentication data: Passwords (likely hashed), Auth IDs, API Tokens, Personal Tokens, and Cookie Tokens. The presence of fields like user_dn (User Distinguished Name) suggests the breach may have touched an internal LDAP or Active Directory integration, rather than just a simple web frontend.
Key Cybersecurity Insights
Breaches of logistics giants are “Tier 1” supply chain threats because they control the movement of physical goods and sensitive business documents:
- The “Package Redirect” Fraud: The most immediate risk for a courier company is Service Manipulation. With access to user accounts via leaked passwords or Session Tokens, attackers can reroute active shipments. They can redirect high-value electronics (laptops, phones) to “drop houses” controlled by fences, stealing the physical goods before the legitimate owner realizes the account was compromised.
- Lateral Movement via Tokens: The exposure of API Tokens and Cookie Tokens is highly dangerous. These are “keys to the kingdom” that often bypass Two-Factor Authentication (2FA). Attackers can use valid API tokens to programmatically query the Inter Rapidisimo backend, potentially scraping data on millions of other shipments or injecting malicious orders into the system.
- Internal Network Mapping: The field user_dn is a technical artifact usually found in internal directories. Its presence implies the attackers might have deeper access than just a customer database—possibly a foothold in the corporate identity management system. This increases the risk of Ransomware deployment if they can escalate privileges.
- B2B Supply Chain Risk: Inter Rapidisimo serves thousands of Colombian businesses. If corporate accounts are compromised, attackers can access invoices, client lists, and shipping manifests, facilitating Business Email Compromise (BEC) attacks against the courier’s business partners.
Mitigation Strategies
To protect the logistics network and customer trust, the following strategies are recommended:
- Token Revocation: The IT security team must immediately invalidate all active API Tokens and Session Cookies. This will force all legitimate users and unauthorized attackers to re-authenticate.
- Global Password Reset: Force a mandatory password reset for all 661,126 accounts. Require Multi-Factor Authentication (MFA) via SMS or an authenticator app for any session that attempts to change a delivery address.
- API Security Audit: Review the permissions associated with the leaked api_tokens. Ensure they follow the Principle of Least Privilege (e.g., a customer token should not be able to access admin-level routing data).
- Customer Advisory: Notify customers to be vigilant for phishing emails claiming “Delivery Failed” or “Customs Fees Due,” as attackers now have their phone numbers and shipping context.
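One way to implement the token revocation, least-privilege scope check and step-up MFA described in the mitigations above, as an added Python example that is not Inter Rapidisimo's or Brinztech's code; the route names, scope names and token records are constructed for illustration only:

```python
"""Token guard: global revocation cut-off, least-privilege scopes, step-up MFA.

All routes, scopes and token values below are constructed for this example
and do not describe any real courier API.
"""
from dataclasses import dataclass
import time

# Which scope each API route requires (hypothetical route names).
ROUTE_SCOPES = {
    "GET /shipments/mine": "customer:read",
    "POST /shipments/{id}/address": "customer:write",
    "GET /admin/routing": "admin:routing",
}
# Actions that must be re-confirmed with MFA even on a valid session,
# because they are exactly what a "package redirect" fraud needs.
STEP_UP_ROUTES = {"POST /shipments/{id}/address"}


@dataclass(frozen=True)
class Token:
    value: str
    user: str
    scopes: frozenset
    issued_at: float  # epoch seconds


class TokenGuard:
    def __init__(self):
        self.revoked_before = 0.0  # global cut-off: anything issued earlier is dead
        self.revoked = set()       # individually revoked token values

    def revoke_all(self, now=None):
        # Incident-response step: invalidate every token issued so far,
        # forcing legitimate users and attackers alike to re-authenticate.
        self.revoked_before = now if now is not None else time.time()

    def authorize(self, tok, route, mfa_verified=False):
        """Return (allowed, reason) for a token attempting a route."""
        if tok.value in self.revoked or tok.issued_at <= self.revoked_before:
            return False, "token revoked; re-authenticate"
        needed = ROUTE_SCOPES.get(route)
        if needed is None:
            return False, "unknown route"
        if needed not in tok.scopes:  # least privilege: customer token != admin
            return False, f"scope {needed} not granted"
        if route in STEP_UP_ROUTES and not mfa_verified:
            return False, "MFA required for this action"
        return True, "ok"
```

A token that survived a leak fails the first check as soon as `revoke_all()` is called, and even a live customer token cannot reach admin routing data or change an address without a fresh MFA confirmation.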
Secure Your Business with Brinztech — Global Cybersecurity Solutions
Brinztech protects organizations worldwide from evolving cyber threats. Whether you’re a startup or a global enterprise, our expert solutions keep your digital assets safe and your operations running smoothly.
Questions or Feedback?
For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com