“The world’s best record shop” leaks 701k user records and personal info

Famous Japanese record chain store and music distributor, DiskUnion, has suffered a full-scale cyber attack on June 24, 2022. DiskUnion has been known as a place to buy and sell disks, vinyls, proudly stating “We buy your records higher than anywhere!”.

It first became known that diskunion.net is hacked due to its database being rapidly spread over darknet at 4:42CEST the same day 24.06.2022.

Screenshot of DiskUnion.net before the incident

Plink plink.. Your user records are leaking here

Kaduu Team has analysed leaked files immediately after obtaining them the day of incident. We saved you time and gathered the most important facts about this data leak:

  1. Total number of users affected: 701K users
  2. The following sensitive information from original .sql is now all over darknet: user_id,password,name_sei,name_mei,name_sei_kana,name_mei_kana,zip,pref,city,ville,address_etc,tel,cell,fax,email_address,mail_magazine_flag,reg_date,member_id,torihikisaki_code
  3. The last user activity, according to database, has been made on 2022-06-16. It naturally arise questions about the time of incident and if it has happened earlier than June 24.
  4. Last, but not the least. User passwords have been stored in plain text. No encryption at all (not even MD5).

Incident response

DiskUnion, from their side, reacted almost immediately to the incident by shutting down their website. The company also have acknowledged the data leak and informed all the users by email in the shortest delay. As of July 4, as seen on the website, DiskUnion have fully suspended website activity during the investigation process.

DiskUnion statement. Full report can be read at https://diskunion.net/dubooks/du_english.html

Fast incident reaction – 10, lack of encryption – 0. Result: massive data leak and hundreds of thousands users being victims of targeted attacks for another several months.

A word about threat actors

We believe that threat actors might be connected to, if not coming, from Russia. They have been sharing information previously in Russian, moreover, the original DiskUnion data leak has been shared with the following screenshot:

This is a screenshot from a Russian tool, that analyses email-password “uniqueness” and provides some insights, for example, how many Russians have been affected by this data breach. This screenshot has been shared to prove authenticity of the database and to show that 699k pairs of emails and passwords have not been seen previously in known and publicly available data leaks.

Follow Kaduu News for more articles and stay cyber secured.

Comments are closed.