4 Million LimeTray Records for Sale on Database Marketplace

###### Category Adversary Intelligence
###### Affected Industries IT & Technology
###### Data Fields brand_user_id, brand_id, created_at, email, first_non_void_order_time, first_order_time, first_void_order_time, full_name, last_interaction_time, loss, mobile, revenue, source_id, source_name, total_discount, total_failed_orders, total_loyalty_amount, total_non_void_orders, total_orders, total_preorders, total_void_orders
###### Affected Region SAARC, India

Executive Summary

CloudSEK’s flagship digital risk monitoring platform XVigil discovered a post, on a database sharing platform, advertising 4 million records of LimeTray.com users. LimeTray is a restaurant management platform that helps restaurants market, engage and sell to more online customers. CloudSEK’s Threat Intelligence Research team is in the process of validating the post.

Potential Impact

The post contains user tables exposing sensitive information such as email addresses and mobile numbers of the affected users. This can potentially be used for social engineering attacks.

Mitigation Measures

  • Use strong passwords
  • Enable multi-factor authentication for all online accounts
  • Don’t share OTPs with third-parties
  • Review online accounts and financial statements periodically
  • Regularly update apps and other software
1 Like