A huge trove of account data from 17 companies is for sale since October 28 on a hacker forum. 

The seventeen companies are Geekie.com.br (8.1 million), Clip.mx (4.7 million), Wongnai.com (4.3 million), Cermati.com (2.9 million), Everything5pounds.com (2.9 million), Eatigo.com (2.8 million), Katapult.com (2.2 million), Wedmegood.com (1.3 million), RedMart (1.1 million), Coupontools.com (1 million), W3layouts.com (789 thousand), Game24h.vn (779 thousand), Invideo.io (571 thousand), Apps-builder.com (386 thousand), Fantasycruncher.com (227 thousand), Athletico.com.br (162 thousand), Toddycafe.com (129 thousand).

The threat actor told BleepingComputer that it is only acting as a broker, advertising the stolen data and did not hack the seventeen companies. As per the seller, the account databases are the results of data breaches that took place in 2020, and none of the companies has disclosed security breaches before this week. 

A spokesman from e-commerce giant Lazada, which owns e-grocer Redmart, confirmed the data breach on Friday (Oct 30) and said that the personal information stolen included names, phone numbers, e-mail, mailing addresses, encrypted passwords and partial credit card numbers. The company is in the process of reaching out to affected customers.