---
title: "IntelBroker Threat Actors Steal Sensitive Data of 11 Million Weee Customers | DuoCircle"
description: "The threat actor IntelBroker stole the sensitive information of 11 million Weee customers and posted the database on a hacker forum."
image: "https://www.duocircle.com/images/og-default.png"
canonical: "https://www.duocircle.com/blog/data-privacy/intelbroker-threat-actors-steal-sensitive-data-of-11-million-weee-customers/"
---

Quick Answer

In February 2023, the threat actor IntelBroker leaked a database covering 11 million customers of the Asian and Hispanic grocery delivery service Weee (Sayweee). Exposed data included names, email addresses, phone numbers, residential addresses, device types, order numbers, and order comments (including delivery codes for entering homes or offices). Payment data was not exposed because Weee does not retain it. The breach affected customers who placed orders between July 12, 2021 and July 12, 2022\. IntelBroker, active since October 2022, has claimed responsibility for breaches at Autotrader, Volvo, AT&T, Verizon, US Cellular, and multiple US government agencies. Defensive lessons for businesses: minimize stored data, encrypt at rest, segment access, monitor for credential reuse, run incident response drills, and notify customers fast when a breach is confirmed.

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fdata-privacy%2Fintelbroker-threat-actors-steal-sensitive-data-of-11-million-weee-customers%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=IntelBroker%20Threat%20Actors%20Steal%20Sensitive%20Data%20of%2011%20Million%20Weee%20Customers&url=undefined%2Fblog%2Fdata-privacy%2Fintelbroker-threat-actors-steal-sensitive-data-of-11-million-weee-customers%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fdata-privacy%2Fintelbroker-threat-actors-steal-sensitive-data-of-11-million-weee-customers%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fdata-privacy%2Fintelbroker-threat-actors-steal-sensitive-data-of-11-million-weee-customers%2F&title=IntelBroker%20Threat%20Actors%20Steal%20Sensitive%20Data%20of%2011%20Million%20Weee%20Customers "Share on Reddit") [ ](mailto:?subject=IntelBroker%20Threat%20Actors%20Steal%20Sensitive%20Data%20of%2011%20Million%20Weee%20Customers&body=Check out this article: undefined%2Fblog%2Fdata-privacy%2Fintelbroker-threat-actors-steal-sensitive-data-of-11-million-weee-customers%2F "Share via Email") 

![IntelBroker Threat Actors](https://media.mailhop.org/duocircle/images/2023/02/spf-record-generator-7980.jpg) 

_The [threat actor](/email-security/threat-actors-abuse-linkedins-smart-links-in-evasive-email-phishing-attacks/) IntelBroker stole the sensitive information of 11 million Weee customers and posted the database on a hacker forum, risking the lives of these individuals. This article delves deep into the incident sharing how it occurred, what is currently happening, and how to stay safe._

The topic of [data breaches](/email-security/how-to-respond-to-an-email-security-or-data-breach/) and online security is becoming increasingly relevant in today’s digital age, making it crucial for individuals and organizations alike to stay informed and **take a proactive approach** to protect their information.

The latest news is of WEEE Grocery Service, a **popular online grocery platform** that has recently confirmed a data breach affecting 11 million users, raising concerns about the safety and security of personal and financial information stored on the platform. This article will shed light on the breach, its impact on users, the measures being taken to prevent similar incidents in the future, and how to protect your business against data breaches.

[![Intelbroker threat actors](https://media.mailhop.org/duocircle/images/2023/02/spf-permerror-9016.jpg)](https://media.mailhop.org/duocircle/images/2023/02/spf-permerror-9016.jpg)

## Weee Data Breach at a Glance

A threat actor that goes by the moniker of “[IntelBroker](https://www.bleepingcomputer.com/news/security/weee-grocery-service-confirms-data-breach-11-million-affected/)” began leaking the **sensitive customer information** of Weee and posted a database containing the information of nearly 11 million customers. The organization is aware of the data breach and has confirmed that the financial data of its customers are safe as the enterprise does not retain payment details.

> However, a Weee representative said, “For customers that placed an order between July 12, 2021, and July 12, 2022, information such as name, address, email addresses, phone number, order number, and order comments may have been impacted.”

Weee operates in **48 states of the United States** and specializes in Asian and Hispanic food items. With an app downloaded over 2.6 million times and one of the largest grocery delivery networks, the data breach at Weee is not to be taken lightly.

> Customers should **regularly check their emails** to know if their data was compromised in the breach or not, as the organizational representative also outlined, “We have notified all customers of the issue and will be notifying all impacted customers individually if their information was exposed.”

## How Did the Data Leak Occur, and What was Stolen?

The threat actors are claiming that they **stole the data** from the platform in February 2023 and referring to the victims as “**Sayweee**,” the name of the platform’s website. The leak contains a ton of sensitive data, including the first and last _names of Weee customers, emails, phone numbers, residential addresses, devices (iOS, Android, PC), dates, and delivery types._ The database containing the data collected all the above information for delivering groceries to the individuals.

In some cases, the customer records also contain delivery notes for couriers and delivery personnel, such as codes for entering homes or offices, which the threat actors could use for **malicious purposes**. However, the details of the data breach are not available as of yet. On the other hand, several researchers claim that the breach pattern matches the one the threat actor used against **US Cellular last month**.

## Who is IntelBroker? The Threat Actor Behind the Weee Data Breach

IntelBroker is a threat actor that has been around since October 2022 and has claimed **responsibility for attacks** on Autotrader, Volvo, AT&T, Verizon, and others. The threat actor has also claimed responsibility for a breach of multiple US government agencies and advertised the sale of over 2 GB of stolen files on underground hacking forums.

The individual or group’s connection to a newly launched [Ransomware-as-a-Service](https://www.crowdstrike.com/cybersecurity-101/ransomware/ransomware-as-a-service-raas/) portal known as **Endurance** has also been noted by [cybersecurity](/) researchers, who speculated that the breach of **US government agencies** could be a cunning ploy to attract partners to the new service. However, with attacks on multiple global organizations and some big names, InterBroker should not be taken lightly.

## How Can Threat Actors Misuse the Information of Weee Customers?

Threat actors can use the data obtained from the Weee Grocery Service data breach in a variety of ways to carry out malicious activities, including:

- **Phishing scams:** Threat actors can use the customers’ email addresses and full names to craft personalized [phishing emails](/content/phishing-prevention/phishing-email) and trick them into revealing sensitive information such as passwords or financial details.
- **Identity theft:** Threat actors can use personal information (such as full names, residential addresses, and phone numbers) to **carry out identity theft** and open credit lines in the affected individuals’ names.
- **Spamming:** Threat actors can use email addresses to send spam messages or sell the information to spammers.
- **Targeted attacks:** Threat actors can use the information about the devices and delivery types to launch targeted attacks and exploit [vulnerabilities](/email-security/two-zero-day-vulnerabilities-discovered-in-microsoft-exchange-server-patches-pending/) in the systems used by the customers.
- **Physical theft or fraud:** Threat actors can use residential addresses to carry out physical theft or fraud by posing as delivery personnel or service providers.

It’s important to note that the more information a threat actor has, the easier it is for them to carry out malicious activities, so it’s crucial for individuals to **monitor their data** and be vigilant for any suspicious activity.

[![multi-factor authentication](https://media.mailhop.org/duocircle/images/2023/02/smtp-service-2386.jpg)](https://media.mailhop.org/duocircle/images/2023/02/smtp-service-2386.jpg)

## What Can Customers and Businesses Do to Stay Safe?

The reported number of customers affected by the data breach at Weee Grocery Service is 11 million, but according to Troy Hunt of the **data breach notification service**, Have I Been Pwned, only 1.1 million unique email addresses were part of the leak. This discrepancy is likely due to repeated orders from individual customers. To determine if your information was impacted, you can check your email address on [Have I Been Pwned](https://haveibeenpwned.com/) after the data has been added.

There are several steps that businesses and organizations can take to protect themselves against data breaches:

1. **Implement Strong Passwords and Multi-Factor Authentication:** Encourage employees to use strong, unique passwords and implement [multi-factor authentication](https://www.onelogin.com/learn/what-is-mfa#:~:text=Multi%2Dfactor%20Authentication%20%28MFA%29%20is%20an%20authentication%20method%20that,access%20management%20%28IAM%29%20policy.) to secure access to sensitive information.
2. **Regularly Update Software:** Regularly update all software, including operating systems, applications, and security tools, to fix vulnerabilities that could be exploited by attackers.
3. **Educate Employees:** Provide regular training to employees to help them understand the importance of security, how to recognize phishing scams, and how to report suspicious activity.
4. **Encrypt Sensitive Data:** Encrypt sensitive data, both in storage and in transit, to prevent unauthorized access in the event of a breach.
5. **Regularly Backup Data:** Regularly backup important data and store it in a secure location to minimize the impact of a breach.
6. **Conduct Regular Vulnerability Assessments:** Conduct regular vulnerability assessments to identify and address security weaknesses.
7. **Use Firewalls and Antivirus Software:** Implement firewalls and antivirus software to prevent unauthorized access to networks and systems.
8. **Limit Access to Sensitive Information:** Limit access to sensitive information to only those who need it and regularly monitor access logs.
9. **Work with a Trusted Security Partner:** Work with a trusted security partner to assess your security posture, implement security measures, and respond to threats.

## Final Words

The recent data breach at Weee Grocery Service underscores the critical need for organizations to prioritize the security and protection of their customer’s personal information. With the increasing prevalence of online transactions, businesses must implement **robust security measures** to safeguard sensitive data from potential threats.

At the same time, it is also essential for individuals to be mindful of the risks associated with sharing personal information online and with **taking proactive steps** to protect their privacy, such as **regularly monitoring** their financial accounts for unusual activity. By working together, organizations and individuals can help to minimize the risk of future data breaches and promote a safer and more secure online environment.

## Topics

NewsSecurityUpdates 

![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) 

Brad Slavin 

General Manager

General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.

## Secure your email infrastructure

Protect, authenticate, and deliver. Contact our team to find the right solution.

[Contact Sales](/contact/) [Explore Products](/products/) 

## Related Articles

[  Privacy 5m  Are MortalKombat Ransomware and Tengyun Snake Attacks Emerging Email Threats?  Jul 20, 2023 ](/blog/data-privacy/are-mortalkombat-ransomware-and-tengyun-snake-attacks-emerging-email-threats/)[  Privacy 6m  Hacker Taunts TikTok After Stealing Over 2 Billion Records in a Massive Data Breach  Sep 19, 2022 ](/blog/data-privacy/hacker-taunts-tiktok-after-stealing-over-2-billion-records-in-a-massive-data-breach/)[  Privacy 4m  Malicious Actors Use Azure Serial Console to Gain Unauthorized Access to Microsoft VMs  May 25, 2023 ](/blog/data-privacy/malicious-actors-use-azure-serial-console-to-gain-unauthorized-access-to-microsoft-vms/)[  Privacy 4m  Microsoft Uncovers Banking AitM Phishing and BEC Attacks Targeting Financial Giants  Jun 19, 2023 ](/blog/data-privacy/microsoft-uncovers-banking-aitm-phishing-and-bec-attacks-targeting-financial-giants/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}],"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://www.g2.com/products/phish-protection-by-duocircle/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://support.duocircle.com"},"knowsAbout":["Email Security","Email Authentication","SPF","DKIM","DMARC","Phishing Protection","Spam Filtering","SMTP Relay","Email Deliverability","Email Forwarding"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"DuoCircle LLC","url":"https://www.duocircle.com","description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}
```

```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"IntelBroker Threat Actors Steal Sensitive Data of 11 Million Weee Customers","description":"The threat actor IntelBroker stole the sensitive information of 11 million Weee customers and posted the database on a hacker forum.","url":"https://www.duocircle.com/blog/data-privacy/intelbroker-threat-actors-steal-sensitive-data-of-11-million-weee-customers/","datePublished":"2023-02-20T21:58:23.000Z","dateModified":"2025-05-24T14:47:03.000Z","dateCreated":"2023-02-20T21:58:23.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/data-privacy/intelbroker-threat-actors-steal-sensitive-data-of-11-million-weee-customers/"},"articleSection":"data-privacy","keywords":"News, Security, Updates","wordCount":1237,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2023/02/spf-record-generator-7980.jpg","caption":"IntelBroker Threat Actors","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}},{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":2,"name":"Privacy"},{"@type":"ListItem","position":3,"name":"IntelBroker Threat Actors Steal Sensitive Data of 11 Million Weee Customers","item":"https://www.duocircle.com/blog/data-privacy/intelbroker-threat-actors-steal-sensitive-data-of-11-million-weee-customers/"}]}]
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://www.duocircle.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":3,"name":"Privacy","item":"https://www.duocircle.comundefined"},{"@type":"ListItem","position":4,"name":"IntelBroker Threat Actors Steal Sensitive Data of 11 Million Weee Customers","item":"https://www.duocircle.com/blog/data-privacy/intelbroker-threat-actors-steal-sensitive-data-of-11-million-weee-customers/"}]}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"IntelBroker Threat Actors Steal Sensitive Data of 11 Million Weee Customers","description":"The threat actor IntelBroker stole the sensitive information of 11 million Weee customers and posted the database on a hacker forum.","url":"https://www.duocircle.com/blog/data-privacy/intelbroker-threat-actors-steal-sensitive-data-of-11-million-weee-customers/","datePublished":"2023-02-20T21:58:23.000Z","dateModified":"2025-05-24T14:47:03.000Z","dateCreated":"2023-02-20T21:58:23.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/data-privacy/intelbroker-threat-actors-steal-sensitive-data-of-11-million-weee-customers/"},"articleSection":"data-privacy","keywords":"News, Security, Updates","wordCount":1237,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2023/02/spf-record-generator-7980.jpg","caption":"IntelBroker Threat Actors","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```