Over 500,000 Records Belonging to Offrea.be Were Leaked Online

  • Belgian handyman services website 'Offrea.be' appears to have been hacked, and user database has leaked online.
  • The number of people affected by this security lapse is counted in the hundreds of thousands.
  • The platform hasn’t confirmed a breach yet, but a journalist has validated some of the entries.

A RaidForums user has posted a database that allegedly belongs to the site Offrea, containing over half a million user records and three thousand login details. As the user details in the post, the administrators used very weak passwords and outdated software, so taking advantage of SQL injection potential was trivial. The hacker further alleges that they tried to contact the website administrators multiple times, starting in March 2021, but they never received any response.

Image: TechNadu

Offrea.be is a Belgian site that allows users to find professional craftsmen and technicians for various works on their home, like cleaning, plumbing, fixing electrical problems, maintaining AC units, building roofs, doing gardening, etc. The site has over 3,000 registered professionals, which matches the number of leaked credentials and claims to serve 6,800 orders each month.

The user records supposedly contain names, email addresses, physical addresses, and IP addresses, while the login details are limited to names, email addresses, and passwords. French journalist Damien Bancal has sampled the data to confirm its validity, and indeed he has found the promised details inside the nine databases that constitute the leaked pack.

If you have used Offrea services in the past, treat your credentials as compromised, so go ahead and reset them from wherever you were using them. Additionally, stay alert against phishing and scamming attempts, especially those that use this very incident as a hook. To our knowledge, Offrea is not circulating any notices of a breach, and even if they did, they wouldn’t ask you to share any personal or sensitive details to confirm your identity or whatever. If an email takes you to a login site, supposedly for resetting your password, pay attention to the URL and validate it before you type anything.

Update Sep. 17: Offrea has provided the following comment to TechNadu:

We can confirm that Offrea has been the victim of hackers. However, this attack already dates back to May 28th. At that time, all the users involved have been notified by us, as well as the relevant authorities. We conducted an extended security audit and the issues have been fixed. We have received several threats from the hacker (such as making the data publicly available). We were advised by the police not to respond to these extortion efforts. We trust the case is now being handled by the court of Antwerp.

ICC World Test Championship Final 2023 Live Stream: How to Watch Test Cricket Online from Anywhere 
The pinnacle of test cricket is upon us, and the excitement is high ahead of what promises to be a thrilling contest...
How to Watch Avatar: The Way of Water Online from Anywhere
This year, Avatar: The Way Of Water became the third-highest-grossing picture of all time, collecting more than 2 billion dollars since its...
How to Watch It’s Always Sunny in Philadelphia Season 16 Online from Anywhere
It’s Always Sunny in Philadelphia Season 16 is here, and you will find below the premiere date, cast, plot, episode release schedule,...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari