Cyber Incident Victim: MyShopCasa

Date: Jun 2023

Location: Italy

Summary

MyShopCasa was the victim of a cyberattack where approximately 8,700 customer records were stolen and offered for sale on a Russian-language underground forum. The compromised data included personal and commercial information such as full names, email addresses, and sales records. The stolen database was reportedly current, and the cybercriminal responsible for the breach was actively seeking a buyer for the information at the time it was discovered.

Description

On or around June 16, 2023, a cybersecurity incident involving the Italian company MyShopCasa was publicly disclosed. The disclosure occurred when a post was published on a Russian-language underground cybercriminal forum. This post served as a sales advertisement for data allegedly stolen from the company. The forum post included a sample record summarizing the nature of the data breach and provided contact information for the cybercriminal responsible, enabling potential buyers to initiate negotiations for the purchase of the stolen information. The data set offered for sale contained approximately 8,700 records, with the stolen data reportedly being current and updated as of 2023.

The specific customer records exfiltrated and put up for sale included a range of personal and commercial identifiers. The data fields comprised Id, Company Name (Titolo sociale), First Name (Nome), Last Name (Cognome), email address, Sales data (Vendite), an Activated status flag (Attivato), Newsletter subscription status, Opt-in status, Registration date (Registrazione), and the date of the Last Visit (Ultima visita). This combination of data points represents a significant compromise of customers' personally identifiable information and their commercial interaction history with the company. The theft and public sale advertisement indicate that the attackers successfully gained unauthorized access to the company's customer database or related systems housing this information.

The incident was detected externally through monitoring of underground cybercriminal forums by security researchers and journalists, not through a public statement from MyShopCasa itself. At the time of the initial report on June 16, 2023, no official breach notification or informational statement regarding the alleged cyber attack was found on the MyShopCasa website. The company had not publicly acknowledged the security event or informed its customer base of the potential compromise of their personal data through its official channels immediately following the disclosure on the criminal forum.

The primary impact of the incident was the exposure of sensitive personal data belonging to approximately 8,700 MyShopCasa customers. The consequences of this data breach include a high risk of the affected individuals being targeted by phishing campaigns, spam, and other forms of social engineering attacks using their exposed email addresses, names, and other details. The inclusion of sales history and engagement metrics could allow for more sophisticated and targeted fraudulent approaches. The exposure of this data also carries potential reputational damage for MyShopCasa, as customer trust may be eroded due to the failure to prevent the breach and the subsequent lack of immediate public communication. The act of selling the data on a criminal forum ensures its proliferation within the cybercriminal ecosystem, making it permanently available for misuse.

The forum used for the advertisement is described as a hidden, private online community where cybercriminals gather to share knowledge, exchange sensitive information, and collaborate on illegal activities related to cybercrime. Access to such forums is typically restricted to selected members or by invitation, often requiring a high level of technical knowledge to participate. These platforms are used to discuss hacking techniques, vulnerabilities, methods to evade security measures, phishing strategies, and to operate digital black markets for selling stolen data, cloned credit cards, and cyber attack tools. Law enforcement and cybersecurity authorities constantly monitor these forums in an attempt to infiltrate them, identify criminals, and make arrests, though the forums are noted for their constant evolution and ability to quickly change locations to evade surveillance. The closure of similar forums like Breach Forums and Raid Forums in prior international operations was cited as an example of this ongoing struggle.

The initial public response to the incident came from cybersecurity news outlets that reported on the forum post. An offer was extended to MyShopCasa to provide a statement or updates on the situation, with an indication that any provided statement would be published in a dedicated article to highlight the company's position. A commitment was made to monitor the evolution of the situation and to publish further news on the blog should substantial updates emerge. A channel for anonymous whistleblowers with information on the facts was also provided, using an encrypted email address, to facilitate the flow of information from informed sources.

The lack of an immediate public response from the victim company suggests that its initial response actions may have been focused on internal investigation, assessment, and containment rather than on public disclosure at that very early stage. The specific technical response actions taken by MyShopCasa to contain the breach, such as identifying the attack vector, patching vulnerabilities, or securing their systems, were not detailed in the available information. The scope of the attack was confined to the customer database, with no mention of other systems, financial data, or internal corporate networks being compromised. The attacker's actions appear to have been financially motivated, focused solely on data exfiltration for the purpose of resale on the criminal market, rather than on destructive attacks or ransomware deployment. The method of initial access used by the attackers to penetrate the MyShopCasa network and gain access to the customer database was not specified in the forum post or the subsequent reporting.
