A threat actor on a popular cybercrime forum has allegedly leaked a database from GetBumpa.com, a leading Nigerian business management platform widely used by SMEs across Africa.
According to the post by the threat actor, ghidra, the compromised dataset reportedly contains details of 526,864+ unique users, including:
- Customer IDs
- Store IDs
- Full Names (First & Last)
- Email Addresses
- Phone Numbers
Bumpa is a business management app designed for African entrepreneurs. It allows SMEs to build websites, manage orders, record sales, receive financial reports, and process payments, making it one of the most widely adopted SME tools across Nigeria and neighboring countries.
If verified, this breach poses serious risks for African SMEs:
- Phishing & Business Email Compromise (BEC): Exposed emails could be leveraged by cybercriminals to launch targeted phishing attacks.
- Identity Theft & Fraud: Phone numbers and names can be exploited for SIM-swapping and impersonation.
- Reputational Risk: SMEs relying on Bumpa for operations may face loss of trust from customers.
This incident highlights an ongoing trend where African fintechs and SME-focused platforms are increasingly being targeted by cybercriminals due to their central role in digital commerce. Similar breaches in recent months have impacted fintech apps, e-commerce platforms, and financial service providers.
Organizations using Bumpa should immediately:
- Reset passwords and enable multi-factor authentication (MFA).
- Monitor for phishing attempts.
- Educate staff and customers about possible fraud campaigns.