Blockchain company user-base dumped online.
30 May 2022BREACHAWARE HQ
A total of 22 breach events
were found and analysed resulting in 5,969,445 exposed accounts
containing a total of 17 different data types of personal datum
. The breaches found publicly and freely available included ZoomCar, Knife Centre, Instagram, My Pirate and Deliver Club. Sign in to view the full
library of breach events which includes, where available, reference articles relating to
each breach.
Categories of Personal Data Discovered
Contact Data, Technical Data, Locational Data, Financial Data, Transactional Data, Behavioural Data, Usage Data, Socia-Demographic Data.
Data Breach Analysis
Among the notable breaches, ZoomCar, a prominent car-sharing service operating in India and other regions, was included. In the mobility sector, account data can tie users to physical locations and schedules, and if misused, this information could enable not just financial fraud but also risks to personal safety or vehicle misuse. Companies like ZoomCar typically maintain detailed profiles for driver verification, rental history, and payment credentials, making them a ripe target for bad actors.Knife Centre, an e-commerce site known for selling knives, tools, and outdoor gear, was another entity affected. Retail sites are frequent targets due to their wealth of customer data. from names and contact details to purchase histories. While this type of data may not seem sensitive at first glance, it can be weaponised in phishing attacks or used to build more detailed identity profiles.
The inclusion of Instagram, one of the world’s largest social media platforms, raises critical privacy and reputational questions. Whether the data originated from third-party integrations, scraped content, or direct breaches, the implications are considerable. Social media accounts often carry not just personal details but also interpersonal networks, photos, behavioural patterns, and even authentication tokens. When compromised, these accounts can be hijacked, impersonated, or mined for further exploitation.
My Pirate, a lesser-known digital platform with potential connections to file-sharing or entertainment content, was also listed among the breached entities. These platforms may be associated with niche user communities or content consumption habits that users prefer to keep private. A breach here could lead to embarrassment or unwanted scrutiny, particularly if login credentials overlap with more critical services.
The final highlight is Deliver Club, a food delivery service. Like many platforms in the gig and e-commerce economy, Deliver Club likely retains a combination of delivery addresses, order patterns, and stored payment details. A breach here doesn’t just compromise a user’s food order history, it potentially opens up sensitive information tied to daily routines and household data.
What ties these incidents together is the diversity of industries involved: from transport and food services to commerce and entertainment, it is clear that the digitisation of services has significantly widened the attack surface. No sector, regardless of its size or perceived value, can consider itself immune.
For individuals, the consequences of these exposures are not always immediate, but they are cumulative. With enough compromised fragments across multiple platforms, malicious actors can execute more precise phishing campaigns, facilitate identity theft, or gain unauthorised access to connected services. Users who reuse passwords or fail to enable multi-factor authentication are particularly at risk.
For the businesses involved, the impacts range from loss of consumer trust to regulatory scrutiny. In sectors such as transportation or social networking, where user trust is essential, a data breach can result in churn, negative media attention, and potential class-action litigation. Furthermore, organisations that fail to disclose breaches or mitigate their impacts swiftly may face fines under data protection frameworks like the GDPR or similar regional laws.
This wave of exposures reinforces a growing concern in the cybersecurity community: the normalisation of data breaches. As breaches become increasingly frequent, there’s a danger that organisations and users alike become desensitised to their implications. But each breach is a reminder that data is not just digital, it's personal, contextual, and often irreplaceable.
Organisations must adopt a more security-conscious posture, prioritising minimal data collection, strict access controls, and rapid breach response plans. Equally, users should be empowered through education to better understand what data they share, where they share it, and how to protect themselves in the event of exposure.
In summary, these 22 breach events and the nearly 6 million affected accounts highlight the widening scope of digital risk. With data breaches touching every corner of online life, vigilance, both corporate and individual, is no longer optional, but essential.
Spotlight
Gaming websites are back in vogue this week with three platforms compromised, a social media platform is the talk of the forums, a car rental company, a bespoke blockchain company, online retailers, a service that provides disposable email addresses, another web hosting company and a number of retailers, two manufacturers and a fiscal government department and a joint emergency federal service to name many more.A blockchain company that provides verifiable sharing of digital documents, which means a way of verifying the legitimacy of a text document, has been exposed online and their user-base dumped on one of the many hacking forums. We’re not entirely sure how fresh the data leak is, but it seems like their whole user-base is circulating online. This kind of technology has many applications, for example they are using the service to verify shipping documents, healthcare records, education credentials , ID and access management and the use of preserving the privacy of Non-Fungible Tokens (NFTs) in the metaverse.
Another set of data publicly found was a sensor company which specialises in automation, such as identification systems and data transmission. There are several large files floating around with sensitive information, such as bank statements, daily sales and payroll reports. The company employs over 1400 people around the world and has a stellar client base. To quote one of the BreachAware Researchers, “they say it is globally positioned to create tomorrow's innovations. Well, what ever innovations they have, they’ve been breached.”
The final breach to comment on was on a well-documented and reported breach of a popular social media platform. Why was there a buzz on the forums? It is supposedly limited to influencers and celebrities’ credentials that use the platform.