Cyber Incident Victim: ModaOperandi.com

On December 31, 2020, BleepingComputer reported a data breach broker advertising stolen user records from twenty-six companies on a hacker forum, totaling 368.8 million compromised accounts. ModaOperandi.com was listed among the affected entities, with 1.2 million user records offered for sale. The broker’s post indicated ModaOperandi’s breach had been previously disclosed, linking to a prior BleepingComputer article about a separate incident where a hacker sold 550 million records across multiple platforms. The forum post appeared the preceding Friday, though the exact date of ModaOperandi’s compromise remained unspecified in available reporting. No pricing details were provided for ModaOperandi’s dataset, unlike Teespring ($3,800–$4,000), MyON ($2,800), and Chqbook ($1,800), which had assigned values.

BleepingComputer’s investigation confirmed eight companies in the broker’s list represented new breaches, but ModaOperandi was not among these newly disclosed incidents. The article did not specify ModaOperandi’s response to the sale or whether the company had issued a breach notification. In contrast, MyON acknowledged a July 2020 intrusion while denying exposure of sensitive student data, and Chqbook disputed the breach entirely. Teespring had quietly disclosed a June 2020 incident via a noindexed webpage, delaying public awareness until December 2020. The report noted historical legitimacy in such broker-sold datasets, urging users of all listed platforms—including ModaOperandi—to reset passwords and monitor for phishing. No further technical details regarding ModaOperandi’s breach methodology, data types exposed, or attacker attribution were provided in the source material.