Cyber Incident Victim: Knockcrm.com

The data breach involving Knockcrm.com was part of a larger incident involving a data broker selling stolen user records from 26 companies on a hacker forum. On December 27, 2020, BleepingComputer discovered a forum post advertising the combined sale of 368.8 million user records, with Knockcrm.com listed among the affected entities. The broker categorized Knockcrm.com's breach as previously disclosed, linking it to a May 2020 incident involving Indonesian e-commerce giant Tokopedia. According to the broker’s listing, Knockcrm.com’s dataset contained 6 million user records. This placed Knockcrm.com among 18 companies in the listing with breaches that had been publicly acknowledged prior to the broker’s December 2020 forum activity.

The broker’s advertisement did not specify pricing for Knockcrm.com’s data, unlike Teespring ($3,800-$4,000), MyON ($2,800), or Chqbook ($1,800), suggesting its dataset might have been less recently compromised or less in demand. No additional technical details about the Knockcrm.com breach—such as intrusion methods, data types exposed, or containment actions—were provided in the broker’s post or subsequent BleepingComputer analysis. The article confirmed no direct response from Knockcrm.com regarding the December 2020 resale attempt, contrasting with statements from MyON (which acknowledged a July 2020 breach but denied exposure of student data) and Chqbook (which outright denied being breached). The broader incident highlighted established patterns of breached data being resold by brokers, with historical precedents indicating such sales often precede formal breach disclosures by affected companies. Users of Knockcrm.com were implicitly advised to monitor for credential-based attacks, though no specific phishing campaigns or misuse tied to its dataset were cited in the reporting.