A major call center service provider in the Middle East has lost an enormous amount of private customer data after being hacked.
Researchers from Resecurity spotted the hackers trying to sell the stolen database on the dark web, via a new thread on the infamous Breached forums, where threat actors usually share resources, buy and sell information, and communicate.
In the thread, the seller said they breached a major AI-powered cloud call center in Saudi Arabia, and accessed its management dashboard, where they found more than 10 million conversations between consumers, operators, and AI bots. These conversations, the researchers further explained, contained things like national ID documents, which the crooks can easily exfiltrate and sort, creating a powerful database of fresh, relevant information.
Selling access
“Selling: 1k enterprise customers, 1m end users (not customers, but users who use their chats on various services, like banks, airlines, etc.), 10m+ chat messages/communications, GBs of documents (sent by customers and attached when chatting with AI assistant) – will give as a bonus, access to admin panel + VPN ( engineer)”, the ad reads.
This is incredibly valuable information for threat actors, who can later use it in phishing attacks, identity theft, social engineering attacks, and other malicious activity.
“Big data and access useful (sic) for social engineering and other maneuvers, especially when you are in session with client. VPN is needed to access it under engineer,” the ad concludes.
The database is being sold for $15,000, to be paid in either bitcoin or monero.
Resecurity said that the attackers were spotted and quickly removed from the systems, so the access being sold with the database is most likely not valid any more. However, the damage from the stolen database remains.
Via InfoSecurity