During a recent cyber incident, the personal data of over 7.5 million customers of Boat, a renowned manufacturer of audio products and smartwatches, was compromised and surfaced on the dark web. The exposed information includes sensitive details such as names, addresses, phone numbers, email addresses, and customer IDs. Boat has not yet provided any official statement regarding this breach.


According to reports from Forbes, the breach was disclosed by a hacker known as ShopifyGUY, who stated that he/she gained access to Boat Lifestyle's database on April 5. The hacker proceeded to share files containing the breached data, which reportedly comprises 7,550,000 entries, on a dark web forum. This poses a significant threat to the affected customers, exposing them to potential risks like financial fraud, phishing attempts, and identity theft.


Saumay Srivastava, a Threat Intelligence Researcher, emphasized the severe consequences of such data breaches. He mentioned that cybercriminals could utilise the compromised personal information for advanced social engineering attacks, gaining unauthorised entry into bank accounts, executing fraudulent transactions, and exploiting credit card details.


Rakesh Krishnan, a senior threat analyst at NetEnrich, suggested that the hacker likely obtained access to the data well before its appearance on the dark web forum. He speculated that the purpose of the leak may be to build the hacker’s reputation within the cybercrime community, given that the leaker is relatively new and this breach is their sole claim to notoriety.


Boat Users' Leaked Data Available At Just €2


The founder of Security Brigade (a global leader in information security consulting services), Yash Kadaki, said “The data is available for eight credits on some forums, so literally, it costs two euros to buy the data. It’ll probably be available for free in a few days on Telegram. This data will be used by a lot of scammers for different phone and email scams,” as reported by Gizmochina.


The compromised data could be exploited by scammers for deceptive emails and phone calls, emphasising the urgency for Boat to take appropriate measures following the breach. However, as of now, the company has not publicly acknowledged the breach or offered guidance to impacted customers.