The threat actor and the owner of the English language cybercrime forum LeakBase, Chucky, has leaked a database allegedly stolen from the the Spanish IT services company Knowmad Mood. The Knowmad Mood data breach reportedly contains sensitive employee data. Knowmad Mood who recently shifted it's name and branding from the earlier name atSistemas, had been established in 1994 and provides consulting and software development services, with offices present in Spain, Italy, Portugal, the United States, Morocco, the United Kingdom, and Uruguay. LeakBase is a data leak forum that gained popularity as an alternative source for sharing hacked data or leaked databases and credentials following the 2023 BreachForums takedown.

Knowmad Mood Data Breach Stems from CRM System

The stolen data was allegedly exported from the company's CRM system, and Chucky shared screenshots to further cement his responsibility for the Knowmad mood data breach. The screenshots appeared to reveal a cache of sensitive files, including HTML, Excel, and Word documents. [caption id="attachment_69238" align="alignnone" width="1447"] Source: LeakBase Forum[/caption] Further, a CSV file had been shared and was stated to contain workplace information and performance metrics of employees, including fields such as names, email addresses, h.input, h.exit, effective h., STE, STE Percentage, and h.STE. The leaked data raises serious concerns about the security measures in place at Knowmad mood, and the potential impact it may have on employees and customers. The Cyber Express team has reached out to Knowmad Mood for further information or updates on the alleged data breach claims; however, no updates were received at the time of writing.

Earlier Activities of Threat Actor Chucky

The threat actor Chucky, admin of LeakBase has previously operated under the names LeakBase, Sqlrip, and Chuckies on various underground forums. After the mid-March 2023 shutdown of BreachForums, the threat actor's own forum LeakBase started gaining traction among the cybercriminal community. Chucky had been a regular participant and contributor on BreachForums, sharing breached databases and selling admin/unauthorized access to websites while also being the top active poster on their own LeakBase leak forums. The threat actor had disclosed to Cyble researchers that their primary tactic involved a customized brute forcing technique. While the researchers confirmed that the technique might serve as a plausible method for the threat actor's data breach attacks, the full tactics, techniques, and procedures (TTPs) employed by the TA remained unconfirmed. Chucky previously claimed responsibility for massive leaks from sources such as the Indian government's Swachh City initiative, OnePlus-Oppo & Realme in a data breach attack affecting users from Thailand, Gamekaking and American automotive digital marketing service Purecars . Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.