A notorious threat actor known as ‘Sorb’ claims to have obtained and is selling a CRM database allegedly linked to Nike’s use of ESnkrs platform. This platform has been compromised, exposing sensitive information from over 42 million log entries (totalling 11.9 GB) spanning four years, from 2020 to 2024.
The ESnkrs platform is a raffle bot that simultaneously automates registration forms and submits entries to multiple raffles. Due to their speed and efficiency at repetitive data entry tasks, these tools allow users to submit significantly more entries than manual submission.
Companies use raffle bots to manage online raffles of limited-edition products like sneakers.
Automating form-filling and submission verification gives users employing these tools a substantial statistical advantage over those entering manually, making traditional single-entry participation increasingly challenging in the current landscape.
The leaked dataset can include a wide range of sensitive user information:
- Discord IDs: Potentially linking users to their online profiles and activities.
- Email addresses: Enabling phishing and spam campaigns.
- Physical and IP addresses: Creating opportunities for doxxing or geographically targeted attacks.
- Proxy usage details: Indicating attempts by users to bypass restrictions, which could interest malicious actors.
This breach poses significant privacy and security risks for affected users if verified. Personal data such as email addresses and physical locations could make them vulnerable to phishing, identity theft, and targeted harassment.
The presence of proxy details could also expose users’ attempts to circumvent regional restrictions, potentially leading to further scrutiny or exploitation.
In other news, Kia Russia faced a massive data leak where hackers stole over 700,000 leads and approximately 120,000 user records. This year, some high-profile government agencies also faced data leaks. For instance, the Brazilian Finance Ministry was hit by a data breach exposing financial information.
In India, too, the child welfare agency of Madhya Pradesh was hit by a ransomware attack by Funksec. The threat actors claim to have infiltrated 2 GB of sensitive data from the agency’s system.
In the News: VLC previews AI-generated subtitles at CES 2025