◢ ◤Pedro Sousa◢ ◤

🇵🇹 A threat actor is claiming to sell a database allegedly linked to Rádio Popular containing approximately 364,000 customer records. According to the underground post, the exposed data allegedly includes: • customer contact information • email addresses • phone numbers • mobile numbers • job titles • gender and birth date fields • tax ID references • sales/account metadata • marketing preferences • delivery addresses • order history and payment/shipping details • geolocation/address metadata The actor also claims the dataset contains operational CRM-style fields such as: • assigned sales representatives • fulfillment center information • order status and cancellation details • shipping carrier/tracking references • customer feedback fields • preferred delivery times and languages If legitimate, this would represent more than a simple contact leak. The structure described resembles a full business operations or CRM export, which can significantly increase downstream risks including: • targeted phishing campaigns • business email compromise (BEC) • social engineering attacks • identity theft • fraud using order and delivery data • highly personalized scam campaigns One important observation: datasets containing both customer identity information and behavioral/order metadata are especially valuable to cybercriminals because they enable highly convincing impersonation and fraud operations. The inclusion of: • tax identifiers • detailed order history • delivery addresses • contact status fields could also create elevated privacy and compliance implications under GDPR if verified. At this stage, the claims remain unconfirmed. Underground forum actors frequently exaggerate: • record counts • breach scope • data freshness • source legitimacy However, the detailed schema shown in the post does increase the likelihood that the actor may possess at least partial access to authentic business records. Organizations facing similar exposure scenarios should immediately: • rotate exposed internal credentials • investigate CRM/export activity • audit third-party integrations • review customer notification obligations • monitor for phishing campaigns abusing leaked data • validate whether tax or payment-related information was exposed Customers should remain cautious of: • fake delivery notifications • fraudulent support calls • phishing emails referencing past orders • scams using accurate personal/order details 🇵🇹 #DDW #Intelligence #CyberSecurity #DataBreach #DarkWeb #ThreatIntelligence #GDPR #RetailSecurity #Infosec #Privacy #CyberThreats #OSINT