Members of an underground criminal community that hack massive companies, steal swathes of cryptocurrency, and even commission robberies or shootings against members of the public or one another have an unusual method for digging up personal information on a target: the truck and trailer rental company U-Haul. With access to U-Haul employee accounts, hackers can lookup a U-Haul customer’s personal data, and with that try to social engineer their way into the target’s online accounts. Or potentially target them with violence too.
The news shows how members of the community, known as the Com and composed of potentially a thousand people who coalesce on Telegram and Discord, use essentially any information available to them to dox or hack people, no matter how obscure. It also provides context as to why U-Haul may have been targeted repeatedly in recent years, with the company previously disclosing multiple data breaches.
“U-Haul has lots of information, it can be used for all sorts of stuff. One of the primary cases is for doxing targs [targets] since they [seem] to have information not found online and ofc U-Haul has confirmed this info with the person prior,” Pontifex, the administrator of a phishing tool which advertises the ability to harvest U-Haul logins, told 404 Media in an online chat. The tool, called Suite, also advertises phishing pages for Gmail, Coinbase, and the major U.S. carriers T-Mobile, AT&T, and Verizon.