Personal data of over 600,000 Emag customers compromised in security breach at online billing firm

Personal data of over 600,000 Emag customers compromised in security breach at online billing firm

Thursday, July 18, 2024, 3:05 p.m

687 readings

A security breach at the online invoicing company 2invoice.ro exposed the personal data of more than 1.8 million customers, including more than 600,000 Emag customers. 2invoice representatives are investigating the incident, and the data presented by the hackers appears to be real.

Details of the security breach

Cybersecurity expert Bogdan Albei announced on Wednesday, July 17, on LinkedIn, that hackers posted on a Telegram channel evidence that they obtained information from the database of the company 2invoice.ro. “Massive security breach at 2invoice.ro, online invoicing application. The data of 1,830,000 customers is for sale for 4,000 euros on a Telegram channel. The hackers claim that the database also includes Emag customers. We asked for proof of this and the hackers provided it to us,” Albei wrote.

Of the five printscreens presented by the hackers, it appears that they own four millions of invoices online, containing the data of 1,835,000 customers, of which 625,000 are Emag customers. 2invoice.ro representatives confirmed that they are investigating the incident and that the data presented appears to be authentic. “We are still investigating the incident. It looks good though, especially the list of clients in the table. We will also report the incident, as required by law, and we will take a series of security measures”, they told FANATIK.

Impact on Emag customers

According to experts in the field, Emag customers are not directly affected by this breach, because the online platform does not work directly with the invoicing company 2invoice.ro. However, a small number of Emag partners (30-35), traders who sell their products through the platform, used the services of 2invoice.ro. Therefore, the personal data of these customers could be exposed.

After this incident, the representatives of 2invoice.ro announced that they will report the security breach according to the legislation in force and will implement additional measures to prevent such incidents in the future.

Source: ziare.com