Over 500,000 Records Belonging to Offrea.be Were Leaked Online

  • Belgian handyman services website 'Offrea.be' appears to have been hacked, and user database has leaked online.
  • The number of people affected by this security lapse is counted in the hundreds of thousands.
  • The platform hasn’t confirmed a breach yet, but a journalist has validated some of the entries.

A RaidForums user has posted a database that allegedly belongs to the site Offrea, containing over half a million user records and three thousand login details. As the user details in the post, the administrators used very weak passwords and outdated software, so taking advantage of SQL injection potential was trivial. The hacker further alleges that they tried to contact the website administrators multiple times, starting in March 2021, but they never received any response.

Image: TechNadu

Offrea.be is a Belgian site that allows users to find professional craftsmen and technicians for various works on their home, like cleaning, plumbing, fixing electrical problems, maintaining AC units, building roofs, doing gardening, etc. The site has over 3,000 registered professionals, which matches the number of leaked credentials and claims to serve 6,800 orders each month.

The user records supposedly contain names, email addresses, physical addresses, and IP addresses, while the login details are limited to names, email addresses, and passwords. French journalist Damien Bancal has sampled the data to confirm its validity, and indeed he has found the promised details inside the nine databases that constitute the leaked pack.

If you have used Offrea services in the past, treat your credentials as compromised, so go ahead and reset them from wherever you were using them. Additionally, stay alert against phishing and scamming attempts, especially those that use this very incident as a hook. To our knowledge, Offrea is not circulating any notices of a breach, and even if they did, they wouldn’t ask you to share any personal or sensitive details to confirm your identity or whatever. If an email takes you to a login site, supposedly for resetting your password, pay attention to the URL and validate it before you type anything.

Update Sep. 17: Offrea has provided the following comment to TechNadu:

We can confirm that Offrea has been the victim of hackers. However, this attack already dates back to May 28th. At that time, all the users involved have been notified by us, as well as the relevant authorities. We conducted an extended security audit and the issues have been fixed. We have received several threats from the hacker (such as making the data publicly available). We were advised by the police not to respond to these extortion efforts. We trust the case is now being handled by the court of Antwerp.

REVIEW OVERVIEW

Latest

How to Watch The Real Housewives of New Jersey Season 12 Online From Anywhere

Get ready for new plot twists, exploding tempers, and a lot of tension in a new season of The Real Housewives of...

How to Watch Chicago Blackhawks Games Online Without Cable

The Chicago Blackhawks are one of the most widely known teams in the NHL, with a lot of history and a fanbase...

How to Watch Pam & Tommy Online from Anywhere: Release Date, Cast, Plot, & Trailer

This biographical drama series surrounds the infamous controversial '90s tape of Motley Crue drummer Tommy Lee and then-wife actress Pamela Anderson that...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari