Cubitts Data Breach

Cubitts, established in 2012, is an eyeglass manufacturer based in Kings Cross, London, England. The company creates handcrafted frames and sunglasses, constructed with custom pins that secure the acetate based on a rivet designed by Lewis Cubitt, one of the three Cubitt brothers who inspired the brand name.

On February 18, 2022, a hacker acting under the alias “pompompurin” shared databases allegedly belonging to the UK-based company Cubitts on several underground platforms.

While the data leak was posted recently, the files date back to 23 December 2021. The Kaduu Team has analysed them: the total size of the breach is 752 MB, and it consists of Cubitts user, shop customer and payment databases, with both the cubitts.com and cubitts.co.uk domains concerned. The total number of users affected is approximately 170,000.

The following sensitive information has been leaked:

"username", "salt", "password", "email", "Payment", "TransactionID", "ApprovalCode", "CardData", "CardCountryCode", "EntryMode", "MaskedPan" (masked card number), "PaymentBrand", "CardSeqNumb" (CVV), "ExpiryDate", "TimeStamp", "first_name", "last_name", "birthday", "gender", "created_at", "phone_number", "notes", "doctor", "practice"

Passwords appear in hashed format. One of the hacking forum users suggests that the hash is SHA2 or SHA512, base64 encoded and formatted as sha512($salt.$pass) (hashcat mode 1720).
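For anyone operating a user table in this shape, the following added example (not code from Cubitts or from the leak) shows a single-round salted SHA-512 hash being replaced with a memory-hard scrypt hash the next time the user logs in. It assumes the format the forum user suggested, base64(sha512(salt + password)), and reuses the "salt" and "password" field names from the list above; the function names, scrypt parameters and sample record are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os


def legacy_hash(salt, password):
    """Assumed legacy format: base64(sha512(salt . password)), one round."""
    digest = hashlib.sha512((salt + password).encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def scrypt_hash(password, salt=None):
    """Memory-hard replacement, stored as scrypt$<b64 salt>$<b64 key>."""
    salt = salt or os.urandom(16)
    key = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                         n=2**14, r=8, p=1, dklen=32)  # assumed parameters
    return "scrypt$%s$%s" % (base64.b64encode(salt).decode("ascii"),
                             base64.b64encode(key).decode("ascii"))


def verify_and_upgrade(record, password):
    """Check a login attempt; on success, replace a legacy hash in place."""
    stored = record["password"]
    if stored.startswith("scrypt$"):  # '$' never occurs in base64 output
        salt = base64.b64decode(stored.split("$")[1])
        return hmac.compare_digest(scrypt_hash(password, salt), stored)
    if not hmac.compare_digest(legacy_hash(record["salt"], password), stored):
        return False
    # The plaintext is only available at login, so upgrade now.
    record["password"] = scrypt_hash(password)
    record["salt"] = None  # the scrypt salt is embedded in the new value
    return True


def demo():
    # Constructed sample record, not data from the breach.
    user = {"username": "alice", "salt": "k3Qz",
            "password": legacy_hash("k3Qz", "correct horse")}
    first = verify_and_upgrade(user, "correct horse")
    return first, user


if __name__ == "__main__":
    ok, user = demo()
    print(ok, user["password"].split("$")[0])
```

Accounts that never log in again keep the weak hash, so a migration like this is normally paired with a forced password reset for dormant users.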

Cubitts hasn’t officially responded to the incident.
