Dark Web News Analysis
The dark web news reports a data breach involving Lakomka, a well-known Belarusian retailer specializing in chocolate and confectionery. A threat actor on a hacker forum is advertising the sale of a database purportedly containing information on over 32,000 customers.
The dataset likely includes Personally Identifiable Information (PII) such as Names, Addresses, Purchase History, and contact details. A notable and unusual detail highlighted in the sale description is the specific absence of Russian customers in the dataset. This suggests the data was either pre-filtered by the attacker or originates from a specific domestic-only partition of the retailer’s system.
Key Cybersecurity Insights
The “clean” nature of this dataset raises questions about the attacker’s identity and intent:
- The “Russian Exclusion” Anomaly: The deliberate absence of Russian customers is a significant threat intelligence indicator. In the underground cybercrime world (especially within the CIS region), many Russian-aligned hacker groups operate under an unwritten rule to never target or sell data belonging to citizens of the “Motherland” (Russia) to avoid attention from local intelligence services (FSB). This suggests the attacker may be operating from within the CIS region and “scrubbed” the list to stay safe, or conversely, it could be a politically motivated filter.
- Niche E-Commerce Profiling: While “candy” seems low-risk, purchase history data is valuable for profiling. It identifies consumers with disposable income (luxury confectionery buyers) and their physical delivery addresses. This creates a high-quality list for localized phishing or spam.
- Credential Stuffing in Belarus: Belarusian users often rely on a small set of local and Russian digital services. Passwords stolen from a retailer like Lakomka will inevitably be tested against local banking apps, delivery services, and government portals (.by domains).
- Physical Address Validation: For a delivery-heavy business, the address data is likely valid and recent. This increases the risk of “brushing” scams or physical marketing fraud targeting these specific households.
Mitigation Strategies
To protect customers and investigate the breach origin, the following strategies are recommended:
- Geopolitical Analysis: The security team should investigate the “Russian exclusion” variable. Does the database structure typically include a “Country” field? If so, seeing only Belarusians confirms a targeted extraction or post-processing filter.
- Customer Notification: Inform the 32,000 affected customers immediately. Advise them to change their passwords, particularly if they use the same credentials for their email or banking.
- Access Control Audit: Review server logs for IPs originating from within the CIS region or known Tor exit nodes to identify how the exfiltration occurred.
- Fraud Monitoring: Lakomka should monitor for an uptick in fraudulent orders using existing customer accounts, as attackers might use the saved address books to ship goods to “drop” locations.
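The two log-driven checks above (the access-control audit of exfiltration traffic and the fraud monitoring of orders shipped to new addresses) can be turned into a repeatable script. The following is an added example written for this post; it is not code from Lakomka, Brinztech, or the forum post. The `/admin/export` endpoint, the Tor exit list, the GeoIP table, the access-log lines and the orders are all constructed placeholders standing in for the retailer's real endpoint, a live exit-node feed, a real GeoIP database and real data.

```python
"""Post-breach triage checks: (1) bulk-export hits from risky sources,
(2) orders that redirect goods to a new address from an unfamiliar IP.
Added example with constructed data; not the retailer's or Brinztech's code."""
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

EXPORT_PATH = "/admin/export"            # hypothetical bulk-export endpoint
HOME_COUNTRY = "BY"                       # the retailer's domestic market
TOR_EXITS = {"198.51.100.23"}             # constructed stand-in for an exit-node feed
GEOIP = {                                 # constructed stand-in for a GeoIP database
    ip_network("192.0.2.0/24"): "BY",
    ip_network("203.0.113.0/24"): "RU",
}

# Constructed access-log lines (combined log format) for the export endpoint.
ACCESS_LOG = """\
192.0.2.44 - - [10/Jan/2025:09:05:11 +0300] "GET /admin/export?table=customers&offset=0 HTTP/1.1" 200 4096
192.0.2.9 - - [10/Jan/2025:10:22:03 +0300] "GET /product/123 HTTP/1.1" 200 15000
198.51.100.23 - - [10/Jan/2025:02:14:05 +0300] "GET /admin/export?table=customers&offset=0 HTTP/1.1" 200 524288
198.51.100.23 - - [10/Jan/2025:02:14:09 +0300] "GET /admin/export?table=customers&offset=10000 HTTP/1.1" 200 524288
198.51.100.23 - - [10/Jan/2025:02:14:14 +0300] "GET /admin/export?table=customers&offset=20000 HTTP/1.1" 200 524288
203.0.113.77 - - [11/Jan/2025:01:40:00 +0300] "GET /admin/export?table=customers&offset=0 HTTP/1.1" 200 8192
203.0.113.77 - - [11/Jan/2025:01:40:02 +0300] "GET /admin/export?table=orders HTTP/1.1" 404 512
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r"(?P<status>\d{3}) (?P<bytes>\d+)"
)


def parse_log(text):
    """Parse combined-format lines into dicts; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        d["ts"] = datetime.strptime(d["ts"], "%d/%b/%Y:%H:%M:%S %z")
        d["status"], d["bytes"] = int(d["status"]), int(d["bytes"])
        events.append(d)
    return events


def ip_risk(ip):
    """Return a risk tag for an IP: Tor exit, foreign GeoIP country, or None."""
    if ip in TOR_EXITS:
        return "tor-exit"
    addr = ip_address(ip)
    country = next((c for net, c in GEOIP.items() if addr in net), "??")
    return None if country == HOME_COUNTRY else f"foreign:{country}"


def find_exfil_candidates(events, min_bytes=100_000):
    """Aggregate successful export-endpoint hits per source IP and flag those
    that pulled a lot of data or came from a risky source."""
    per_ip = defaultdict(lambda: {"hits": 0, "bytes": 0, "first": None, "last": None})
    for e in events:
        if not e["path"].startswith(EXPORT_PATH) or e["status"] != 200:
            continue
        rec = per_ip[e["ip"]]
        rec["hits"] += 1
        rec["bytes"] += e["bytes"]
        rec["first"] = e["ts"] if rec["first"] is None else min(rec["first"], e["ts"])
        rec["last"] = e["ts"] if rec["last"] is None else max(rec["last"], e["ts"])
    flagged = {}
    for ip, rec in per_ip.items():
        rec["risk"] = ip_risk(ip)
        rec["span_s"] = int((rec["last"] - rec["first"]).total_seconds())
        if rec["bytes"] >= min_bytes or rec["risk"]:
            flagged[ip] = rec
    return flagged


# Constructed customer accounts and orders for the fraud-monitoring check.
ACCOUNTS = {
    "c1001": {"saved_address": "Minsk, Nezavisimosti 10", "known_ips": {"192.0.2.9"}},
    "c1002": {"saved_address": "Brest, Sovetskaya 4", "known_ips": {"192.0.2.30"}},
}
ORDERS = [
    {"id": "o1", "account": "c1001", "ship_to": "Minsk, Nezavisimosti 10", "ip": "192.0.2.9"},
    {"id": "o2", "account": "c1002", "ship_to": "Gomel, parcel locker 17", "ip": "198.51.100.23"},
    {"id": "o3", "account": "c1001", "ship_to": "Mogilev, Pervomayskaya 2", "ip": "203.0.113.5"},
    {"id": "o4", "account": "c1002", "ship_to": "Brest, Sovetskaya 4", "ip": "203.0.113.90"},
]


def suspicious_orders(orders, accounts):
    """Flag orders that ship to an address other than the saved one AND show at
    least one further anomaly (unfamiliar IP, Tor exit, foreign country)."""
    flagged = []
    for o in orders:
        acct = accounts[o["account"]]
        reasons = []
        if o["ship_to"] != acct["saved_address"]:
            reasons.append("new-ship-to")
        if o["ip"] not in acct["known_ips"]:
            reasons.append("new-ip")
        risk = ip_risk(o["ip"])
        if risk:
            reasons.append(risk)
        if "new-ship-to" in reasons and len(reasons) > 1:
            flagged.append((o["id"], reasons))
    return flagged


if __name__ == "__main__":
    for ip, rec in find_exfil_candidates(parse_log(ACCESS_LOG)).items():
        print(ip, rec["hits"], "hits", rec["bytes"], "bytes in", rec["span_s"], "s", rec["risk"])
    for order_id, reasons in suspicious_orders(ORDERS, ACCOUNTS):
        print(order_id, reasons)
```

The export check deliberately keys on both volume and source: a Tor exit node paging through the customer table in a few seconds is the exfiltration pattern, while a small domestic hit from staff is left alone. The order check requires a changed delivery address plus a second anomaly so that a regular customer shipping a gift does not trip it.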
Secure Your Business with Brinztech — Global Cybersecurity Solutions
Brinztech protects organizations worldwide from evolving cyber threats. Whether you’re a startup or a global enterprise, our expert solutions keep your digital assets safe and your operations running smoothly.
Questions or Feedback?
For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com