Weee! Confirms Customer Data Breach Affecting 1.1 Million Users
Online grocery delivery service Weee! confirmed a data breach affecting about 1.1 million customers, after reports surfaced that a large dataset tied to the company had been leaked online. Exposed information reportedly included names, email addresses, phone numbers, home addresses, and account-related details such as delivery preferences, device information, dates, and customer notes left for couriers; some of those notes allegedly contained sensitive building entry instructions.
Reporting linked the leaked dataset to a threat actor associated with other high-profile data exposures, including a prior US Cellular-related leak. The compromised records raise risks of phishing, scams, identity fraud, and physical security concerns because the data could help attackers profile victims or misuse address and access details. Weee! acknowledged the incident as scrutiny grew over how consumer delivery platforms store large volumes of personal information and expand exposure through third-party services.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
Reports link leaked Weee! data to a forum actor and note no company response
Media reports said the stolen Weee! data had been leaked online and suggested a possible link to the same actor associated with a prior US Cellular leak, referencing the IntelBroker persona. At the time of reporting, The Cyber Express said Weee! had not responded to its request for comment.
Weee! discloses data breach affecting 1.1 million customers
Weee! confirmed a data breach impacting approximately 1.1 million customers. Exposed information reportedly included personal data such as names, email addresses, phone numbers, home addresses, delivery details, device information, and in some cases customer notes to couriers containing building entry codes.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
BigBasket User Database Offered on Dark Web and Later Leaked for Free
Indian online grocer **BigBasket** was linked to a major data exposure after a threat actor advertised a database allegedly containing details of roughly **20 million users** for sale on the dark web. Reporting said the records included customer information such as names, email addresses, phone numbers, physical addresses, dates of birth, password hashes, and IP addresses, raising concerns about follow-on phishing, account takeover, and identity fraud affecting a large portion of the company’s customer base. The incident later escalated when the same alleged **BigBasket** dataset was reportedly released for free, making the information broadly accessible rather than limited to a private sale. The leak significantly increased the potential impact of the breach by lowering the barrier for cybercriminals to reuse the data in credential attacks and targeted scams, while intensifying scrutiny of the company’s security posture and breach response.
May 25, 2026
Dark Web Leak Claims Target Colis Privé and Multiple Online Services
Dark web monitoring reports described **unverified data leak claims** involving several organizations, including French parcel delivery firm **Colis Privé**. One post on **BreachForums** allegedly offered an upload of **22,564,381 records** attributed to Colis Privé, described as `.jsonl` files totaling **~4.1 GB**; no specific threat actor attribution or company confirmation was cited, and the notice characterized the situation as informational while scope is assessed. If authentic, the scale and format of the dataset would materially increase risk of **identity theft, credential stuffing, and targeted phishing** against customers. Separate dark web forum posts also alleged database exposures affecting **JobsGO** (Vietnam recruitment platform), **MyVete** (veterinary management platform), **PIXPAY** (Senegalese payment service), and **Groupe Fondasol** (France-based engineering). The claimed datasets reportedly include **CV/personal records**, and in some cases **API credentials and employee metadata**, with example figures including **~2.3 million records** for JobsGO and **~5.57 million records** for MyVete (verification not indicated). Across the claims, the primary business risk is downstream abuse of exposed personal and operational data for **social engineering, recruitment fraud, and account takeover**, rather than immediate exploitation of a specific software vulnerability.
Mar 21, 2026
ROMWE Discloses Data Security Incident Affecting Shoppers
Fast-fashion retailer **ROMWE** notified customers of a data security incident involving shopper information, according to a company disclosure carried by Yahoo Finance. The notice indicates the company informed affected users directly and publicly acknowledged that customer data was exposed in the breach, prompting a formal incident response and outreach effort. The available reporting provides limited technical detail, but the incident appears to involve unauthorized access to consumer data held by the retailer. For CISOs, the event underscores persistent third-party e-commerce and customer-data exposure risks, particularly where online retail platforms store personal information that can be leveraged for fraud, account abuse, or follow-on phishing against affected shoppers.
May 25, 2026