Database and Source Code of Egypt-Based Lucky App Allegedly Offered for Sale by Threat Actor

Threat Actor: Unknown | Unknown
Victim: Lucky app users | Lucky app users
Price: Not specified
Exfiltrated Data Type: Database and source code of Lucky app

Additional Information:

  • The threat actor is allegedly offering for sale the database and source code of the Lucky app.
  • The Lucky app is a prominent app for credit products and loyalty rewards in Egypt, developed by Dsquares.
  • The database contains information for 650,000 users and is sized at 1.2GB.
  • The backend source code for Couponz and Loyalty360, built on .NET technology, is also included in the sale.
  • The threat actor is willing to provide proofs or samples of the source code to serious buyers upon request.
  • Sample data from the LuckyUser and AdminUser tables has been disclosed, revealing the structure and contents of the compromised data.
  • This incident raises concerns about the security and privacy of Lucky app users.
  • The sale of the database and source code highlights the persistent threat posed by cybercriminals in the digital landscape.

Reports emerge of a concerning development as a threat actor alleges to be offering for sale the database and source code of Lucky, a prominent app for credit products, renowned for its offerings and cashback services in Egypt. Developed by Dsquares, Lucky boasts over 5 million installs across various platforms, establishing itself as a leading player in the realm of credit products and loyalty rewards.

The purported sale includes the database of the Lucky app, housing information for 650,000 users, along with the backend source code for Couponz and Loyalty360, built on .NET technology. The database, sized at 1.2GB, is being marketed to potential buyers, with the threat actor offering to share proofs or samples of the source code upon request from serious buyers. Notably, sample data from the LuckyUser and AdminUser tables has been disclosed, providing insights into the structure and contents of the compromised data. The revelation raises significant concerns regarding the security and privacy of Lucky app users and underscores the persistent threat posed by cybercriminals in the digital landscape.

LuckyUser Table Columns:

– Id
– Email
– EmailConfirmed
– PasswordHash
– SecurityStamp
– PhoneNumber
– PhoneNumberConfirmed
– TwoFactorEnabled
– LockoutEndDateUtc
– LockoutEnabled
– AccessFailedCount
– UserName
– FullName
– ReferralCode
– Birthdate
– ProfilePicName
– RegistrationOtp
– RegistrationOtpCreatedDateTime
– IsActive
– ProfilePicPath
– GenderId
– AccountTypeId
– TempUnconfirmedEmail
– TempUnconfirmedPhoneNumber
– CreatedDate
– ResetPasswordOtp
– ResetPasswordOtpCreatedDateTime
– LoginOtp
– LoginOtpCreatedDateTime
– FailedCount
– LastLoginDate
– LastFailedLoginDate
– SendingOtpSmsBlockedtill
– IsMailVerified
– SocialId
– IsMerged
– IsDeleted
– BaseLineDate
– CashOutEmailVerificationOtp
– CashOutMobileVerificationOtp
– CashOutMobileVerificationOtpCreatedDateTime
– CashOutMobileVerificationTrialsCount

AdminUser Table Columns:

– UserID
– FullName
– UserName
– UserPassword
– Disabled
– RoleId
– Mobile
– Email
– BranchId
– Merchantid

Original Source: https://dailydarkweb.net/threat-actor-allegedly-offers-database-and-source-code-of-egypt-based-lucky-app-for-sale/