Cyber Incident Victim: E27
Date: Jun 2020
Location: Singapore
Summary
A media company serving Asian technology startups experienced a cybersecurity breach where attackers identifying as "Korean Hackers" and "Team Johnwick" compromised systems, exfiltrating source code and a database containing user information such as emails, mobile numbers, encrypted passwords, profile images, and documents. The perpetrators demanded a financial contribution in exchange for disclosing the vulnerabilities exploited in the attack. The organization notified affected users, clarified that payment data was not stored, and emphasized that legacy passwords were encrypted while urging users to update their credentials. Law enforcement and cybersecurity experts were engaged to investigate and restore operations, with the company prioritizing transparency and platform recovery following the incident.
Description
On or around June 26, 2020, Asian media and technology startup platform E27 suffered a cyberattack by a group identifying itself as "Korean Hackers" and "Team Johnwick." The attackers breached E27's systems, exfiltrating source code and a database containing user information such as emails, mobile numbers, encrypted passwords, documents, and profile images. Evidence provided to BleepingComputer included images of the compromised server's file system, databases, and source code files that exposed database credentials. The hacking group contacted media outlets to disclose the breach and issued a demand to E27 for a "small donation" in exchange for revealing the vulnerabilities exploited in the attack. This mirrored their previous tactics observed in the Zee5 breach, where they similarly leveraged stolen data to solicit payments under the guise of vulnerability disclosure.

E27 CEO Mohan Belani notified users via email on the day of the breach, confirming unauthorized access to the company's systems and advising users with legacy email-and-password logins to change their passwords, which were stored encrypted, while asserting that no plaintext passwords or payment information were stored. The company emphasized reliance on third-party authentication via Facebook and LinkedIn for most logins. Belani stated E27 had engaged law enforcement and relevant government authorities for guidance, prioritizing platform restoration with support from cybersecurity community leaders. The breach notification explicitly cited transparency and trust as motivations for disclosure, acknowledging potential inconvenience to users. Impacted individuals were urged to change E27 passwords immediately and to avoid password reuse across other services to mitigate credential-stuffing risks stemming from the incident.
