South African e-commerce retailer OneDayOnly has recently suffered a significant data breach orchestrated by the hacking group Kill Security (KillSec). According to reports, KillSec extracted private contact information, account details, and payment methods from OneDayOnly’s cloud storage. The breach was announced via KillSec’s dark web site, where the group has threatened to release the stolen data unless a ransom of $100,000 is paid by September 3, 2024. The hackers’ demands were circulated widely on social media, raising alarm among customers and security experts alike.
OneDayOnly has acknowledged the security incident and is actively investigating the breach. The retailer has assured that no personal customer data or financial information has been compromised, as sensitive information is stored with a separate cloud provider not affected by the breach. The company emphasized that it does not hold credit card information, which is managed by its payment partners. Despite these reassurances, the breach has raised concerns about the safety of sensitive business information and the effectiveness of current security measures.
KillSec, a relatively new player in the cybercrime landscape, first emerged in March 2024 and has since claimed responsibility for multiple breaches across various sectors, including government, finance, and manufacturing. The group is known for its use of Monero cryptocurrency for ransom payments and utilizes communication channels such as Telegram, Session Messenger, and Tox. KillSec’s growing list of victims and its recent activities underscore the escalating threat of ransomware and data theft in the cybersecurity landscape.
The incident involving OneDayOnly is part of a broader trend of increasing cyber threats in South Africa. In June 2023, JD Group, owner of brands like Incredible and Hi-Fi Corp, experienced a similar breach affecting over 500,000 customers. Experts like Charl van der Walt of Orange Cyberdefense highlight that ransomware and Business Email Compromise (BEC) are significant threats facing South African businesses. These threats are amplified by common vulnerabilities such as unpatched systems and weak passwords, stressing the need for enhanced cybersecurity measures across the industry.
Reference:
