Brinztech Alert: The Alleged Database of Njuskalo is on Sale

Dark Web News Analysis

The dark web news reports a significant data breach involving Njuškalo (njuskalo.hr), the largest online classifieds platform in Croatia. A threat actor on a hacker forum is selling a database allegedly containing 412,000 user profiles.

The compromised dataset is described as highly detailed, reportedly containing Full Names, Contact Numbers, Email Addresses, and critical Physical Location Data. The sale of such granular data targeting a specific national user base indicates a potential for highly localized criminal activity.

Key Cybersecurity Insights

Breaches of classifieds platforms are “Tier 1” physical security threats because they connect digital identities to real-world assets and locations:

• The “Marketplace” Burglary Risk: [No image] The exposure of Physical Location Data alongside Phone Numbers creates a severe physical security risk. Attackers can cross-reference this data with users’ public listings (e.g., selling expensive electronics, cars, or jewelry) to identify high-value targets for burglary, knowing exactly where the items are located.
• Targeted Vishing (Voice Phishing): With Contact Numbers and Names, scammers can launch “Vishing” attacks posing as Njuškalo support or potential buyers. A common scam involves sending a fake “Njuškalo Pay” link via SMS to “confirm a sale,” which actually steals banking credentials.
• Credential Stuffing: Users of classified sites often reuse passwords. Attackers will likely test the 412,000 email/password combinations against other Croatian services (e.g., telecom providers, banking apps) to hijack more valuable accounts.
• Identity Theft: The combination of full names and phone numbers provides the necessary components for SIM swapping attacks or subscription fraud (opening phone contracts in the victim’s name).

Mitigation Strategies

To protect user safety and platform integrity, the following strategies are recommended:

• Physical Security Advisory: Njuškalo should proactively warn users who are selling high-value items to be extra vigilant about sharing their home address and to meet buyers in public “Safe Zones” (e.g., police station parking lots).
• Password Reset: Force a mandatory password reset for all 412,000 affected accounts to prevent account takeovers.
• Scam Warning Banner: Implement a prominent banner on the app and website warning users that Njuškalo will never ask for credit card details via SMS or WhatsApp links.
• MFA Implementation: Encourage or enforce Multi-Factor Authentication (MFA) for seller accounts to prevent attackers from modifying listings or redirecting payments.

Secure Your Business with Brinztech — Global Cybersecurity Solutions

Brinztech protects organizations worldwide from evolving cyber threats. Whether you’re a startup or a global enterprise, our expert solutions keep your digital assets safe and your operations running smoothly.

Questions or Feedback?

For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com