An online account allegedly behind MyDeal data breach that has affected more than 2 million Australians claims they have sold the stolen user data on an online forum for $600.
The user known only as “dior” on forum has updated the listing with a "SOLD" tag after the dump was first listed on Sunday.
The so-called hacker had posted a sample of the dataset including 500 records to prove their authenticity and said the amount of data was "1,000,000+ (still parsing it so will be higher than this...)".
Woolworths Group, which acquired a majority stake in MyDeal in September, said last Friday “…a compromised user credential was used to gain unauthorised access to its Customer Relationship Management (CRM) system”.
"MyDeal is in the process of contacting the approximately 2.2 million affected customers by email. MyDeal customers who are not contacted by MyDeal have not had their details accessed in the breach. Woolworths Group and MyDeal have also commenced engagement with relevant regulatory authorities and government agencies."
It is the third breach at a major Australian company in the last month after Optus data breach and Medibank network disruptions.
