CyHawk Africa has observed a post on a darkweb forum claiming that the Kenyan platform Lita.co.ke suffered a data breach. The threat actor, using the alias kanie2903, shared a download link leading to several CSV files containing sensitive information.
The leaked files reportedly include:
- support_tickets.csv – containing user support emails.
- user_logins.csv – records of login activity, possibly including emails, usernames, and timestamps.
- users(15).csv – database of registered users.
- wp2k_users.csv – a dump of WordPress user accounts and hashed passwords.
Such data could expose personally identifiable information (PII), login credentials, and operational details of the platform.
The actor behind this breach has an established presence on underground forums and has shared leaks in the past. In this case, they did not provide detailed samples but pointed to external hosting for download.
If verified, the exposure of login data and user accounts could pose significant risks to Lita.co.ke and its customers, including:
- Credential stuffing attacks against users who reuse passwords across multiple platforms.
- Phishing attacks leveraging email addresses and login data.
- Reputational and operational impact on the company’s trust with customers.
Disclaimer: This report is based on alleged threat actor claims. CyHawk Africa does not verify or confirm the authenticity of such claims and bears no intent to defame. Content is for awareness and defensive purposes only.