ScrapMarket.in Data Breach Exposes 129k Customer Records

The ScrapMarket.in data breach is an alleged incident in which a threat actor claims to be selling a database containing 129,659 customer records belonging to users of ScrapMarket.in, an India based B2B marketplace for buying and selling scrap materials. According to the underground listing, the database was compromised on November 30, 2025, and includes detailed personal information, account credentials, business profile data, contact details, and technical identifiers such as device IDs and Firebase tokens. The threat actor provided a large SQL style sample that appears to match structured user account tables, suggesting that the breach may involve a direct export from ScrapMarket.in’s production database.

ScrapMarket.in is a widely used platform in India’s recycling and scrap trading industry, serving individual sellers, scrap dealers, industrial recycling firms, logistics partners, and B2B buyers. A breach affecting more than one hundred thousand accounts represents a significant exposure within a sector that relies heavily on digital transactions, mobile verification, and business reputation systems. The inclusion of hashed passwords, mobile numbers, GST numbers for registered companies, subscription metadata, and Firebase associated tokens raises concerns about account hijacking, targeted phishing, business impersonation, and unauthorized platform access.

The ScrapMarket.in data breach also highlights the increasing trend of cyberattacks targeting mid sized B2B marketplaces across India. These platforms often store personal data, business contact details, tax identifiers, GPS or device metadata, and subscription or billing records. Threat actors view these datasets as attractive because they can be used in credential stuffing attacks, financial scams, identity misuse, or as a foundation for social engineering campaigns aimed at businesses in manufacturing, recycling, transport, and logistics. The structure of the leaked SQL preview strongly indicates that the threat actor accessed core database tables with minimal redaction, increasing the severity of the alleged breach.

Background Of The ScrapMarket.in Data Breach

The underground listing associated with the ScrapMarket.in data breach includes a detailed SQL formatted preview showing the insertion structure of a table labeled “customers”. This structure contains fields commonly found in authentication, profile management, subscription tracking, and device registration systems. Examples of exposed fields in the sample include first name, last name, password hashes, mobile number verification statuses, company information, GST numbers, subscription expiration dates, Firebase tokens, login device identifiers, and account creation timestamps.

The presence of fields such as “otp”, “otp_expire_at”, “remember_token”, “reset_key”, “reset_key_expire_at”, “firebase_token”, “firebase_token_updated_at”, “login_device_id”, and “show_ad_on_top” suggests that the compromised database is tied to the primary user authentication and engagement system used by ScrapMarket.in. The fact that the listing exposes full SQL schema metadata implies that the attacker had access to a structured production environment rather than scraping or piecing data together from multiple sources.

ScrapMarket.in operates as a business directory and transactional hub for scrap materials, recycling services, and industrial waste buyers. Registered users often include phone verified individual sellers, informal recycling sector workers, small businesses, and established commercial entities with GST registration. Because the platform must verify user identities and maintain records for transactions, it stores large volumes of sensitive information beyond simple email and password combinations.

The ScrapMarket.in data breach appears to expose this entire dataset in a single event. The structured nature of the data preview, combined with the volume of records, indicates that the attack may involve direct database access through a misconfigured endpoint, vulnerable API, outdated CMS plugin, SQL injection flaw, or compromised administrative credentials. While the exact vector has not been confirmed, the architecture of the leaked SQL sample provides multiple clues about the internal systems that may have been accessed.

What Information Was Exposed In The ScrapMarket.in Data Breach

Based on the leaked SQL sample, the ScrapMarket.in data breach allegedly includes the following categories of sensitive information:

• Full names and profile details
• Email addresses used for login or verification
• Mobile numbers and mobile verification status
• Hashed passwords stored as part of the authentication system
• Company name and customer type (individual or business)
• GST numbers for registered business accounts
• State and city identifiers linked to geographic region
• Full user addresses and related metadata
• Subscription information, including expiration dates and plan details
• OTP values and expiration timestamps
• Password reset keys and expiration dates
• Remember tokens for persistent login sessions
• Firebase tokens and Firebase updated timestamps
• Login device IDs and other device metadata
• Account creation dates, deletion dates, and update timestamps
• User ratings, rating comments, and rating history
• Fields used for internal sorting, marketing, and UI display

The inclusion of hashed passwords indicates that attackers may attempt credential stuffing on other platforms. Even though the passwords are hashed, weak or commonly used credentials may be cracked, allowing threat actors to access email accounts, financial services, or other business tools used by ScrapMarket.in customers. The presence of Firebase tokens increases risk because these tokens can sometimes allow unauthorized access to messaging endpoints or device linked services.

Company associated records, including GST numbers, business addresses, and contact numbers, create opportunities for business email compromise attacks. Criminal groups often impersonate suppliers, partners, or procurement teams in order to trick victims into paying fraudulent invoices or providing sensitive operational information. Because the data appears legitimate and tied to real businesses, the likelihood of successful impersonation increases significantly.

How The ScrapMarket.in Data Breach Could Affect Individuals And Businesses

The exposure of customer information in the ScrapMarket.in data breach creates several immediate and long term risks. For individual users, attackers could initiate phishing campaigns that reference their real names, locations, or account history. Criminals may impersonate ScrapMarket.in customer support, claiming that users must verify their account, update subscription details, or confirm a pending order. These attacks are more convincing when threat actors possess accurate personal information.

Mobile number exposure increases the risk of smishing, where fraudulent SMS messages attempt to trick recipients into clicking malicious links. Attackers may also attempt SIM swapping schemes if they identify accounts associated with high value transactions or active subscription plans. SIM swap fraud can lead to compromised email logins, banking access, and unauthorized use of one time passwords.

The ScrapMarket.in data breach also presents risks for businesses. GST numbers, company names, and contact details can be used to impersonate corporate representatives. Attackers may send fraudulent quotations, altered invoices, or requests for urgent payments. This type of business impersonation is common in sectors where transactions occur quickly and involve multiple small enterprises, which is typical of the recycling and scrap industry.

Because the leaked data includes subscription history, attackers may craft targeted scams that appear to relate to platform service renewals. Threat actors may claim that users must pay a renewal fee, update their subscription card on file, or complete verification to avoid suspension. The detailed timestamps and metadata included in the leaked SQL sample can add credibility to these fraudulent claims.

Risks Involving Firebase Tokens And Device Identifiers

The presence of Firebase tokens and login device identifiers in the ScrapMarket.in data breach is notable. Firebase is commonly used to manage push notifications, authentication workflows, and device messaging. If improperly secured, Firebase tokens can potentially allow unauthorized access to certain application features. Attackers may attempt to test these tokens against the ScrapMarket.in infrastructure to determine whether they grant any elevated access.

Login device identifiers also pose risk. These IDs can be used to track a user’s device history or correlate accounts across multiple platforms. Threat actors sometimes combine device metadata with breached email and phone number information to attempt targeted malware distribution campaigns aimed at specific types of devices.

Regulatory And Legal Implications Of The ScrapMarket.in Data Breach

If confirmed, the ScrapMarket.in data breach may fall under India’s Information Technology Act and associated data protection requirements. Although India is in the process of implementing broader digital privacy legislation, organizations are still required to protect personally identifiable information and notify affected individuals when a major compromise occurs. Because the breach allegedly includes sensitive personal data, tax identifiers, and authentication credentials, regulatory authorities may expect ScrapMarket.in to conduct a formal investigation, secure exposed systems, and provide guidance to users.

The Indian recycling and scrap materials sector often involves partnerships with international buyers and logistics companies. If any of these partners maintain user data within ScrapMarket.in’s systems, the breach could have cross border implications. Organizations operating internationally may have obligations under foreign data protection regimes, depending on what information was stored and how it was processed.

Supply Chain Risks And Third Party Exposure

The ScrapMarket.in data breach demonstrates how a single platform in a supply chain can expose data belonging to thousands of individuals and businesses. Because many small and medium recycling operations rely on digital marketplaces to connect with buyers, attackers who target a central hub can obtain information on a wide array of companies. This creates opportunities for fraud across logistics, transport, manufacturing, and industrial waste management networks.

Cybercriminal groups increasingly target mid sized B2B platforms because they often maintain sensitive business metadata but may lack the advanced security budgets of larger enterprises. If the breach originated through a third party integration, weak API security, outdated CMS software, or an unprotected database endpoint, ScrapMarket.in may need to reassess vendor access and system segmentation practices to prevent a similar event in the future.

How Affected Users Should Respond

Users who believe they may be affected by the ScrapMarket.in data breach should take several precautions:

• Change the password associated with their ScrapMarket.in account immediately
• Avoid reusing passwords across multiple platforms
• Monitor SMS messages and emails for phishing attempts
• Enable additional verification measures with their mobile provider to reduce SIM swap risk
• Review bank accounts and digital wallets for unauthorized activity
• Be cautious of unexpected renewal requests, invoices, or urgent payment demands
• Scan devices for malware using trusted tools such as Malwarebytes

Individuals should also be wary of unsolicited calls referencing their business information or GST numbers. If attackers obtained both personal and corporate data, they may attempt to impersonate platform partners or regulatory authorities.

Incident Response Considerations For ScrapMarket.in

If ScrapMarket.in confirms the breach, the company will need to take immediate action to secure exposed systems and prevent further data leakage. This includes rotating authentication keys, resetting all session tokens, forcing password resets, and assessing whether any administrative accounts were compromised. A full forensic investigation may be necessary to identify the initial attack vector, determine how long attackers had access, and confirm whether any other systems were affected.

The company may also need to review access controls, implement stricter database segmentation, and verify that sensitive data is encrypted both in transit and at rest. Improved monitoring and logging practices can help detect suspicious behavior earlier in the future.

Clear communication with customers, business partners, and potentially affected third party organizations will be essential. Transparency helps maintain trust and allows users to take appropriate defensive measures. As more details about the ScrapMarket.in data breach emerge, the company may need to publish formal advisories, provide security recommendations, and coordinate with cybersecurity experts and regulators.

Long Term Implications Of The ScrapMarket.in Data Breach

The ScrapMarket.in data breach reinforces the importance of strong cybersecurity practices across platforms that handle personal and business information. Because this incident allegedly involves hashed passwords, Firebase tokens, OTP logs, subscription history, and company identifiers, the long term risk extends beyond the immediate exposure event. Attackers can store, correlate, and reuse this data in future campaigns targeting the recycling sector, transport companies, or industrial buyers. Once information is circulated within criminal marketplaces, it can remain accessible for years.

The full impact of the ScrapMarket.in data breach will depend on how the data is used, resold, or redistributed. Businesses may experience an increase in impersonation scams, fraudulent quotation requests, and suspicious login attempts. Individuals may face higher volumes of phishing messages, spam calls, and identity related fraud attempts. As attackers refine their methods using accurate personal and corporate information, distinguishing between legitimate and malicious communication becomes more difficult.

ScrapMarket.in and similar platforms may need to invest in stronger authentication mechanisms, enhanced encryption, regular penetration testing, and improved database governance. By addressing structural weaknesses and providing clear guidance to affected users, organizations can reduce the long term threat and improve overall ecosystem security.

Additional updates will be published as new information becomes available regarding the ScrapMarket.in data breach.