
Cyber Incident Victim: Toddycafe.com

Date:

Oct 2020

Location:

Singapore

Summary

A threat actor advertised stolen user databases from seventeen companies, including Toddycafe.com, for sale on a hacker forum, aggregating approximately 34 million records. The seller acted as a broker rather than the original attacker, offering data that contained email addresses, password hashes of varying strength, and personal identifiers such as names, addresses, phone numbers, and tax or national ID numbers across the affected entities. For the café platform specifically, the exposed data comprised email addresses and passwords whose hashing method, if any, was not stated. One company acknowledged its breach; most victims, Toddycafe.com included, had not publicly confirmed a compromise at the time of reporting. The datasets came from diverse sectors, and the password hashing documented for the other breaches ranged from weak MD5 to stronger bcrypt.

CIA Posture: available to members
Motives: 1 motive
Tactics, Techniques & Procedures: 2 techniques
Threat Actors: 0 actors
Type: available to members
Location: available to members

Description

On October 28, 2020, a threat actor advertised stolen user databases from seventeen companies for sale on a hacker forum, aggregating approximately 34 million records. The seller operated as a data breach broker rather than the original attacker, reselling databases obtained from third-party breaches. Toddycafe.com was among the affected entities; its database contained user email addresses and passwords whose hashing method was not stated. The broker's forum post opened private sales of the datasets. Such sales typically run as exclusive transactions priced between $500 and $100,000 before the data is eventually released publicly. Other prominent victims included Geekie.com.br (8.1 million records), Clip.mx (4.7 million), and Wongnai.com (4.3 million). RedMart publicly acknowledged its breach, but Toddycafe.com and most other listed companies had not confirmed a compromise at the time of reporting.


The Toddycafe.com breach exposed user email addresses and passwords, but the password hashing method (if any) was not identified, unlike other victims for which a specific algorithm such as bcrypt or MD5 was documented. Until the hashing method is confirmed, the prudent assumption is the weakest case (plaintext or a fast, unsalted hash), which means forcing password resets for affected accounts and treating any password reused elsewhere as compromised. The aggregated datasets across all seventeen companies included diverse personal information such as names, addresses, phone numbers, tax identifiers, and payment card details, depending on the source. No remediation efforts or victim notifications by Toddycafe.com were reported. The broker supplied samples intended to verify each dataset's authenticity, though the source did not specify whether Toddycafe.com's data was among those validated. The incident raised the risk of credential-stuffing attacks because of likely password reuse across services, though the reporting did not attribute any subsequent malicious activity directly to the Toddycafe.com breach.
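The practical question raised by both the Summary and the paragraph above is what a buyer, or a defender looking at a broker's sample, can do with the password field: a fast unsalted hash falls to a wordlist almost immediately, while bcrypt does not. The following is an added illustration written for this page, not code from the breach reporting or from any of the listed companies. It triages a small constructed sample (the records, hashes and wordlist are all generated inline and are not data from the real dump; the bcrypt-format string is a syntactically valid dummy, not a real hash) by classifying each password field and then running a dictionary attack only against the formats where that is cheap:

```python
"""Triage of a leaked credential sample: identify the password-field format,
then measure exposure with a small wordlist attack on unsalted fast hashes.
Added illustration only; every record below is constructed, not from any real dump."""
import hashlib
import re


def _fast_hash(algo: str, password: str) -> str:
    """Unsalted digest of a password, as weak legacy schemes store it."""
    return hashlib.new(algo, password.encode()).hexdigest()


# Constructed "broker sample" rows (email, password field). Hashes are generated here
# from known passwords so the demo is self-contained and clearly synthetic.
SAMPLE_RECORDS = [
    ("alice@example.com", _fast_hash("md5", "password123")),
    ("bob@example.com", _fast_hash("md5", "letmein")),
    ("carol@example.com", _fast_hash("sha1", "qwerty")),
    # Assumption: bcrypt-format string with a dummy 53-char payload, not a real hash
    ("dave@example.com", "$2b$12$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0"),
    ("erin@example.com", "hunter2"),  # stored in plaintext: worst case, nothing to crack
]

# Constructed wordlist; a real attack would use a rockyou-scale list.
WORDLIST = ["123456", "password", "password123", "qwerty", "letmein", "welcome1"]

_HEX = re.compile(r"^[0-9a-fA-F]+$")
_BCRYPT = re.compile(r"^\$2[abxy]\$\d{2}\$[./A-Za-z0-9]{53}$")
FAST_UNSALTED = {"md5", "sha1", "sha256"}


def classify_password_field(value: str) -> str:
    """Best-effort guess of what a password field holds. Hex-length heuristics are
    ambiguous (32 hex could be MD5 or NTLM, for instance), so treat the result as a
    triage hint to confirm against a known plaintext, not as proof."""
    if _BCRYPT.match(value):
        return "bcrypt"
    if value.startswith("$argon2"):
        return "argon2"
    if _HEX.match(value):
        return {32: "md5", 40: "sha1", 64: "sha256"}.get(len(value), "unknown-hex")
    return "plaintext-or-unknown"


def crack_unsalted(records, wordlist):
    """Dictionary attack on unsalted fast hashes. Because there is no salt, each
    wordlist entry is hashed once per algorithm and checked against every record
    at once. Slow salted schemes (bcrypt, argon2) are skipped: each guess there
    costs a full KDF run per record, which is exactly the protection they provide.
    Returns {email: recovered_password}."""
    by_algo = {}
    for email, field in records:
        kind = classify_password_field(field)
        if kind in FAST_UNSALTED:
            by_algo.setdefault(kind, {}).setdefault(field.lower(), []).append(email)
    recovered = {}
    for algo, lookup in by_algo.items():
        for word in wordlist:
            for email in lookup.get(_fast_hash(algo, word), []):
                recovered[email] = word
    return recovered


def summarize_exposure(records, wordlist):
    """Count how many accounts are effectively exposed after a cheap attack."""
    recovered = crack_unsalted(records, wordlist)
    counts = {"recovered": 0, "plaintext": 0, "slow_hash": 0, "uncracked": 0}
    for email, field in records:
        kind = classify_password_field(field)
        if kind == "plaintext-or-unknown":
            counts["plaintext"] += 1
        elif kind in ("bcrypt", "argon2"):
            counts["slow_hash"] += 1
        elif email in recovered:
            counts["recovered"] += 1
        else:
            counts["uncracked"] += 1
    return counts


if __name__ == "__main__":
    for email, field in SAMPLE_RECORDS:
        print(f"{email}: {classify_password_field(field)}")
    print(crack_unsalted(SAMPLE_RECORDS, WORDLIST))
    print(summarize_exposure(SAMPLE_RECORDS, WORDLIST))
```

Run on the constructed sample, the three MD5/SHA-1 accounts are recovered from a six-word list, the plaintext account needs no attack at all, and only the bcrypt-format account is left alone. That is the difference the Summary's "weak MD5 to stronger bcrypt" range describes, and why an unknown hashing method for Toddycafe.com should be handled as if it were the weak end.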

Sources: 1 source (available to members)