Data belonging to sportswear company Puma was spotted on the dark web marketplace Marketo. A threat actor claimed to have stolen 1 Gb of data from the company.
The ad on Marketo, which is available on the Dark Web through the Tor browser, claims that there is about 1GB of data stolen from a company that is now auctioned off to the highest bidder.
Marketo is an organized ‘marketplace of stolen data’ as the website owners claim. They do not operate as a typical ransomware group distributing malware to disrupt the operation of an infected victim and ask for a ransom.
One of the unique features of the Marketo marketplace is the ability to bid on stolen data. This feature allows users to compete against each other for the data that the marketplace has. Interestingly, these bidders can include the end victim.
Over 157 threat actors have made a bid to acquire sensitive data since it has been posted for sale.
Some files stolen from the company contained source code that was probably be used for the company’s Product Management Portal. The code analyzed by experts revealed that the files were probably stolen after a data breach of a third-party software provider. This data could be used by hackers to carry out more sophisticated attacks against the company’s IT systems.
Other victims that were listed on Marketo in the past include Siemens Gamesa Renewable Energy, American Signal Corporation, Line Energy, Navistar, Homewood Health, The City University of New York, and dozens of other organizations.
Puma is a German corporation that designs and manufactures athletic and casual footwear, apparel, and accessories. Puma closed the year 2019 with a record revenue of 5 billion euros (5.4 billion dollars).