Learn more details about this incident in the article.
With its 300+ millions unique shoppers, as stated on the company’s website, “Locally” has recently faced a cyberattack.
Locally is a platform of tools dedicated to helping online shoppers find their favourite products in-stock at nearby stores. Company is trying to create the world’s largest network of specialty brands and retailers so it’s easier to shop online and buy locally.
The company is counting more than 15,000 local stores. It’s also a partner to more than 500 premium brands. Locally is present at least in 5,500 cities worldwide.
The list of brands-partners of Locally is really impressive. We’ve checked the key clients and have noticed among them such brands as: 4Ocean, Abu Garcia, ADIDAS, ASICS, Bell, Canada Goose, Camp Chef, Crocs, Dr. Martens, Drake, DT Swiss, Garmin, Gerber, GoPro, Greenfield, High Sierra, HOKA, Levi’s, New Balance, NIKE, Patagonia, Puma, QuickSilver, Ray-Ban, Reebok, Rip Curl, Swarovski, The North Face, Timberland, UGG, Vans, Yakima, YETI.
What has happened?
In the evening of October 1, 2022, based on the SQL dump creation date, the online-to-offline shopping platform Locally suffered a data breach. The day after a users database has appeared online on an underground hacking forum.
The leak has led to the exposure of data including the following:
- First and Last names,
- Phone numbers,
- Emails and PayPal Emails,
- Order details,
- Physical addresses,
- Partial card details,
- Delivery details
- and Passwords stored as Bcrypt hashes.
In total, 289k users has been affected by this data leak. The threat actor hasn’t shared information on the attack vector.
At the moment of writing this article, Locally has not released any statement concerning the recent cyber security incident.
Stay up to date with exposed information online. Kaduu with its cyber threat intelligence service offers an affordable insight into the darknet, social media and deep web.