Made to Sell

We noticed a significant data leak surfacing on June 3rd, 2023, originating from an entity identified as "Made to Sell." What struck us immediately was the sheer volume of personal information compromised, affecting over two million individuals. The nature of the leaked data, encompassing not only contact details but also hashed passwords and demographic information, presents a multifaceted risk to the affected users. This incident underscores a persistent vulnerability in how organizations manage and protect customer databases, particularly in the retail and consultancy sectors where such data is routinely collected.

The breach, classified as a database compromise, appears to have occurred prior to its discovery in June 2023. Analysis of the leaked data reveals approximately 2.2 million records were exposed. The compromised data types include email addresses, phone numbers, first and last names, gender, birthdays, and password hashes. The hashes are a mix of SHA1 and bcrypt, with the former representing a more significant concern due to its known weaknesses. While the exact source structure of the compromised database is still under investigation, the breadth of information suggests a comprehensive customer or user profile repository was targeted. The leak locations are currently being tracked across various underground forums and marketplaces, indicating potential for widespread misuse.

At present, there has been limited public news coverage regarding the "Made to Sell" breach, suggesting it may not have reached mainstream media attention. Open-source intelligence (OSINT) efforts are ongoing to identify any early discussions or indicators of compromise within the threat actor community. Further research into the retail consultancy sector's typical data handling practices and known vulnerabilities in database management systems may provide additional context for this incident.