BAT is based in the United Kingdom.
It is one of the world’s largest manufacturers of tobacco and nicotine products.
The web platform is part of a BAT Romania promotional campaign targeting adult smokers.
Through the platform, Romanian residents can win tickets to parties and events featuring well-known local and international performers.
Romanian law prohibits most kinds of tobacco advertising.
The data breach involves sensitive personally identifiable information (PII) of users.
Even more worrying is that our team discovered that the unsecured server has already been compromised by ransomware.
As of November 27th the database was finally closed, but nobody ever replied to us.
The leaked database involves close to 352 GB of data.
Unfortunately, that is exactly what happened here.
By the time our research team discovered the data breach, the server had already been compromised by ransomware.
We found 53 indices on the server, but nearly all of them were empty.
It is likely that these indices were created by the hackers responsible for the ransomware attack.
The hackers are demanding a Bitcoin payment in exchange for the data.
Daily Logs
Even after being tampered with, the server still contained some meaningful data.
We could view daily logs from the past seven days, each stored in a separate index.
The logs seem to be records of HTTP communications through the YOUniverse web platform.
The meaning of some of the internal data was unclear.
Some of the entries included messages written in Romanian.
They appear to be queries submitted by users, who may be customers or affiliates.
For example, some of the messages ask for assistance and describe problems with prizes and rewards codes.
kindly provide me with a solution to use the 2 vouchers.
The database also contained some metadata related to outgoing emails that failed to reach the recipient.
These entries only contained metadata, not the actual message content of the emails.
The sender’s email domain, MereuMaiMult, is associated with BAT Romania.
Mereu mai mult is a Romanian phrase that roughly translates to “always more.”
It is part of the same promotional campaign as YOUniverse.
These include YOUniverse.ro, the YOUniverse mobile system, experiencemore.ro, mereumaimult.ro, preprietenie.ro, and theunseen.ro.
We also discovered login credentials to a Microsoft Dynamic CRM system, including unencrypted passwords.
Unfortunately, this means there might be even more data exposed.
This code is used to comply with Romanian law.
That is concerning because CNP refers to a Romanian national identity card number.
On the other hand, some entries contain null or duplicate data.
It is possible that a large number of users have had their privacy compromised by this data breach.
Scams and Phishing Attacks
The data breach exposed contact information for a large number of users.
Leaked emails and phone numbers put people at risk of phishing attacks and scams.
Malicious parties could use other personal details from the data breach to create tailored phishing attacks that target individual users.
Phishing attacks can take the form of emails that seem legitimate.
Users could also be at risk of becoming victims of text message and phone scams.
This information could help competitors to effectively target active smokers.
This could provide a big benefit to BAT Romania’s competition.
Privacy Concerns for Smokers
The data breach compromises users' privacy in another potentially harmful way.
For example, insurance companies often have different rates for smokers.
Even if the ransom request is paid, there is no way to truly get back the leaked information.
Another concern is that other companies' servers may be affected.
This could mean that the data was already leaked and is now in the hands of a criminal organization.
The data breach could have been prevented with some basic security measures.
Our research team scans ports to find known IP blocks.
The team then searches for vulnerabilities in the system that would indicate an open database.
Once a data breach is found, our team links the database back to the owner.
As ethical hackers and researchers, we never sell, store, or expose the information we encounter.
Our goal is to improve the overall safety and security of the internet for everyone.
About Us and Previous Reports
vpnMentor is the world’s largest VPN review website.
We recently discovered a huge data breach in Ecuador that affected millions of individuals.
We also revealed a massive fraud web link targeting Groupon and online ticket vendors.