Over 500,000 Records Belonging to Were Leaked Online

By Bill Toulas / September 17, 2021

A RaidForums user has posted a database that allegedly belongs to the site Offrea, containing over half a million user records and three thousand login details. As the user details in the post, the administrators used very weak passwords and outdated software, so taking advantage of SQL injection potential was trivial. The hacker further alleges that they tried to contact the website administrators multiple times, starting in March 2021, but they never received any response.

Image: TechNadu is a Belgian site that allows users to find professional craftsmen and technicians for various works on their home, like cleaning, plumbing, fixing electrical problems, maintaining AC units, building roofs, doing gardening, etc. The site has over 3,000 registered professionals, which matches the number of leaked credentials and claims to serve 6,800 orders each month.

The user records supposedly contain names, email addresses, physical addresses, and IP addresses, while the login details are limited to names, email addresses, and passwords. French journalist Damien Bancal has sampled the data to confirm its validity, and indeed he has found the promised details inside the nine databases that constitute the leaked pack.

If you have used Offrea services in the past, treat your credentials as compromised, so go ahead and reset them from wherever you were using them. Additionally, stay alert against phishing and scamming attempts, especially those that use this very incident as a hook. To our knowledge, Offrea is not circulating any notices of a breach, and even if they did, they wouldn’t ask you to share any personal or sensitive details to confirm your identity or whatever. If an email takes you to a login site, supposedly for resetting your password, pay attention to the URL and validate it before you type anything.

Update Sep. 17: Offrea has provided the following comment to TechNadu:

We can confirm that Offrea has been the victim of hackers. However, this attack already dates back to May 28th. At that time, all the users involved have been notified by us, as well as the relevant authorities. We conducted an extended security audit and the issues have been fixed. We have received several threats from the hacker (such as making the data publicly available). We were advised by the police not to respond to these extortion efforts. We trust the case is now being handled by the court of Antwerp.

For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: