A Threat Actor is Allegedly Selling Access to AmeriGas Azure Cosmos Production Database

Forum: BF - You can find the forum link in the subscribers area.
Revenue: $2.9 Billion

In a recent dark web forum post, a user named Fumentazo has offered access to a highly sensitive database belonging to AmeriGas, the largest propane provider in the United States. The post reveals the sale of a script that grants unauthorized access to AmeriGas' Azure Cosmos databases. The seller emphasizes the importance of the "masters_key," which is touted as the most critical piece of information for accessing the database.

What’s Being Offered?

Fumentazo is selling access to the Azure Cosmos databases, claiming that the databases contain a wealth of sensitive information. Here's a breakdown of what's included:

• Databases and Collections: The post details three main databases and their associated collections within AmeriGas' Azure Cosmos setup. Although the exact content of these collections is redacted, Fumentazo provides a preview of some queries as proof of access.
• Sample Databases/Collections:
  • amgpdsprdedb01:
    • AmeriGasDistrictLocations
  • AmeriMobileData:
    • AmeriMobileAppEvent
    • AmeriMobileTruckPositionBI
    • AmeriMobileRouteUpdate
    • AmeriMobileEndOfDay
    • AmeriMobileTruckPosition
    • ArmAppEvents
    • AmeriMobileDeviceMap
    • AmeriMobileShiftData
    • AmeriMobileDeliveryReceipt
    • ServiceRoadActivityLog
    • AmeriGasDistrictLocations
    • AmeriGasCurrentEmployeeLocations
    • GeofenceLogs

What Data is Included?

Fumentazo claims that the database contains various types of critical data, such as:

1. Activity Logs: Detailed logs of activities, potentially including timestamps and user actions.
2. Worker Sign-ins: Data related to worker sign-in times and associated names.
3. Customer Information: This includes sensitive customer details, which were partially obscured in the post.
4. Field Application Logs: Information utilized by workers in the field, potentially related to job-specific tasks and logs.
5. Order Information: Data regarding orders, including those already completed and upcoming.
6. Shift Data: Details about worker shifts.
7. Worker Assignments: Names and contact information of workers assigned to specific jobs.

Fumentazo hints that there might be more data within the database that they have not yet uncovered.

Additional Information

• Microsoft Developer Account Access: Although not included in the sale, Fumentazo claims to have access to a Microsoft developer account connected with the same group. They also have a list of 13,228 internal emails associated with the developer account, many ending with @amerigas.com.
• Recent Activity: The database is actively used, and the seller can provide recent login activity logs to prove its authenticity. The seller is also open to making the entire database public if private access is not purchased.
• Contact Information: Interested buyers are encouraged to contact Fumentazo through Telegram for further details or proof.