Cyber Incident Victim: Wed Me Good
Date:
Oct 2020
Location:
Singapore
Summary
A threat actor advertised stolen user databases from seventeen companies for sale on a hacker forum, including Wedmegood.com, with the broker claiming no direct involvement in the breaches. The compromised data from the wedding planning platform consisted of emails and passwords hashed with SHA-512 encryption, among broader exposure across other victims of credentials, personal identifiers, and financial details. While some affected entities acknowledged incidents, the broker facilitated private sales of aggregated records totaling approximately 34 million users before potential public release.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On October 28, 2020, a threat actor advertised the sale of stolen user databases from seventeen companies on a hacker forum, aggregating approximately 34 million compromised records. Among the affected entities was Wedmegood.com, a wedding planning platform, though the seller clarified they acted solely as a broker for the data and did not conduct the original breaches. The seller provided technical specifications of the exposed Wedmegood.com dataset, confirming it contained user email addresses paired with passwords hashed using the SHA-512 algorithm. No additional personal identifiers or financial data were listed for Wedmegood.com in the broker’s disclosure, distinguishing it from breaches like RedMart.lazada.sg, which included credit card details, or Geekie.com.br, which exposed CPF numbers and dates of birth. The broker indicated these databases were obtained through prior breaches, with sales historically conducted privately for $500 to $100,000 before potential public release.
RedMart publicly acknowledged its breach, but Wedmegood.com and most other listed companies had not issued statements regarding the incident by the article’s publication date of October 31, 2020. The collective datasets spanned diverse industries, including e-commerce, gaming, and hospitality platforms across multiple countries, with Geekie.com.br (8.1 million records), Clip.mx (4.7 million), and Wongnai.com (4.3 million) representing the largest breaches. Exposed authentication methods varied significantly across companies, ranging from weakly hashed MD5 passwords at Eatigo.com and Athletico.com.br to more secure bcrypt implementations at Cermati.com and Invideo.io. The incident underscored risks associated with credential reuse, as compromised emails and password hashes from one service could facilitate unauthorized access to other accounts sharing identical credentials. The broker’s public listing escalated exposure risks by making the data accessible to a broader criminal audience, though no specific evidence of misuse targeting Wedmegood.com users was documented in the source material at the time.