A threat actor has allegedly published a massive dataset belonging to Karage, a major automotive service platform in Saudi Arabia. Karage is a significant entity in the region’s automotive sector, with mobile applications on both iOS and Android, over 15,000 monthly active users, and a reported transaction volume exceeding 209 billion Saudi Riyals. The release of data allegedly follows a 30-day period during which the company ignored a ransom demand of $3,000 in Bitcoin.
The compromised information, now allegedly circulating on a dark web forum, poses a significant risk to the company, its employees, and its customers. The threat actor claims the dump contains a wide array of sensitive information that could be exploited for malicious purposes. The full extent of the damage is still being assessed, but the initial claims point to a comprehensive breach of the company’s digital assets.
The leaked data allegedly includes:
- Full customer database with names, phone numbers, vehicle license plates, and car models.
- Complete transaction history from 2016 to 2025.
- Internal workshop documents.
- Employee records.
- Unreleased application source code.
