Hackers have been taking advantage of U-Haul employee accounts to gather customer data for doxing, cyberattacks, and possible violence, as reported by 404 Media. A hacking group called “The Com” has been using phishing techniques to replicate U-Haul’s point-of-sale (POS) login pages, which allows them to access sensitive customer information like names, addresses, phone numbers, and billing data.
Potential Risks of Stolen Information
This sensitive information can lead to more attacks, such as social engineering tactics aimed at compromising online accounts or targeting individuals for harm. The Com mainly operates on platforms such as Telegram and Discord and has a history of engaging in SIM swapping, cryptocurrency theft, and corporate hacking.
Tools Used for Hacking
One phishing tool known as Suite, created by a hacker named Pontifex, helps in gathering U-Haul account credentials, as well as for services like Gmail and Coinbase. The hacked login information is frequently shared in Telegram channels that focus on fraud. Pontifex mentioned, “U-Haul has lots of information, it can be used for all sorts of stuff,” adding that the stolen data could also help in accessing email accounts from major ISPs like Comcast.
Past Breaches and Current Silence
This situation is not unprecedented; U-Haul has faced multiple attacks over the years. In 2022, hackers gained access to internal tools to fish customer contracts, and in 2024, attackers reportedly used valid credentials to breach dealer systems and view reservations and records.
Despite several attempts to get a response, U-Haul has not commented on these matters, according to 404 Media. Such incidents are important reminders that any business can be a target for cybercriminals looking to steal personal information.
Source: Link