A cybercrime forum user is claiming to have leaked a database belonging to Flawireless, a U.S.-based wholesaler of mobile phone accessories and refurbished electronics operating under the Techy Extra brand. The dataset allegedly contains customer, order, invoice, shipment, and product information exported from the company’s ecommerce platform.
According to the forum post, the leak includes multiple database exports, including orders.csv, invoices.csv, shipments.csv, products.csv, and discount_code.csv. The published samples contain customer contact information, shipping and billing addresses, order histories, invoice records, shipment details, and product catalog data.
Records span multiple years
The forum post does not specify when the data was allegedly obtained. However, the sample records indicate the information spans several years. Invoice and order records shown by the seller begin in March 2022, while discount code data references promotional campaigns running through late 2025. Those dates suggest the dataset was compiled over an extended period before surfacing on the cybercrime forum in June 2026.
Based on the information shared by the seller, the exposed files allegedly contain:
- 57,121 order records
- 3,251 invoice records
- 2,066 shipment records
- 14,245 product records
- Customer names
- Email addresses
- Phone numbers
- Billing and shipping addresses
- Order and invoice histories
- Business customer information
- Product inventory and catalog data
The published samples do not appear to include passwords or full payment card information. The exposed data instead focuses on customer identities, contact information, purchase histories, shipping details, and inventory records.
Historical data can still pose security risks
Even if portions of the dataset are several years old, historical customer records can still be valuable to cybercriminals. Email addresses, phone numbers, physical addresses, and purchasing information can be combined with data from other breaches to support phishing campaigns, social engineering attacks, identity fraud, or business email compromise schemes.
Historical ecommerce exports may also expose business relationships, supplier information, and operational details that remain useful to attackers long after the original records were created.
The alleged leak follows a growing number of ecommerce databases appearing on cybercrime forums, where threat actors continue to monetize customer information regardless of when it was originally collected. Recent examples include our coverage of the alleged Clearcover customer data leak, which similarly involved customer records being offered for sale online.
Flawireless had not issued any public statement regarding the alleged leak at the time of publication.
BreachNews will post an update if Flawireless confirms the incident, disputes the claims, or additional evidence becomes available.
