A threat actor using the alias N1KA has leaked a database allegedly belonging to Body Graphics Tattoo Supply, an online retailer based in Johannesburg, South Africa, specializing in tattoo and piercing products.
The leaked dataset reportedly contains 6,501 rows of sensitive user information, including:
- Usernames
- Email addresses
- User IDs
- Password hashes
- Registration dates
- Display names and nicknames
- First and last names
- Profile details and descriptions
A sample of the compromised data shared by the threat actor includes customer names, contact information, and account credentials, potentially exposing customers to identity theft, phishing campaigns, and targeted cyberattacks.
At the time of the leak, N1KA claimed responsibility for breaching the retailer’s system and published both a forum post and downloadable links to the stolen data. The disclosure on the dark web forum indicates that the breach not only compromises customer privacy but could also damage the retailer’s reputation and disrupt its business operations.
Potential Risks:
- Credential stuffing attacks using the leaked usernames and passwords on other platforms
- Phishing and social engineering targeting affected customers
- Reputational harm to the brand, impacting customer trust
Security Recommendation:
Customers of Body Graphics Tattoo Supply should immediately change their account passwords, especially if reused on other platforms, enable multi-factor authentication (MFA) where possible, and remain vigilant for suspicious emails or messages.