A threat actor is offering what they claim is a database belonging to Black Box, a major Saudi Arabian electronics and appliance retailer, allegedly exposing information associated with more than 116,000 customers.
In a forum post published on June 2, 2026, the actor known as lulzintel claimed to have released a Black Box database containing 116,094 customer records and made the dataset available for download through a cybercrime forum.
Black Box operates one of Saudi Arabia’s largest consumer electronics retail platforms, selling smartphones, televisions, home appliances, gaming hardware, and other technology products through both online and physical retail channels.
Order histories and customer details allegedly exposed
According to the listing, the alleged database contains customer names, email addresses, phone numbers, physical addresses, city and regional information, postal codes, order identifiers, purchase totals, tax information, shipping costs, order statuses, and timestamps.
The threat actor also shared a sample that appears to contain detailed order records, including purchased products, quantities, pricing information, and delivery details.
The exposed records shown in the sample reference a wide range of consumer purchases including smartphones, televisions, gaming consoles, washing machines, air conditioners, and other electronics sold through the retailer.
Based on information visible in the sample, some order records appear to date back to at least 2022.
Customer purchasing data can create targeted fraud risks
If authentic, the alleged leak could present privacy and fraud risks for affected customers due to the combination of personal contact information, physical addresses, and detailed purchase histories.
The dataset purportedly includes information that could allow threat actors to build highly targeted phishing, impersonation, or social engineering campaigns tailored to specific customers and their purchasing behavior.
The listing advertises the dataset as a downloadable archive available to forum members.
Authenticity remains unverified
BreachNews has not independently verified the authenticity of the alleged database or confirmed that Black Box experienced a cybersecurity incident.
While the sample appears to contain structured ecommerce order information consistent with a retail platform, the origin of the data remains unclear. It is not known whether the records originated from a recent compromise, an older breach, a third-party exposure, or another source.
Black Box had not issued any public statement regarding the alleged leak at time of publication.
BreachNews will continue monitoring for any response from the company or additional evidence that may help verify the claim.
The claim follows a broader trend of threat actors advertising customer databases on cybercrime forums, including a recent alleged leak involving Spanish energy company Naturgy. As with many forum-based breach claims, the authenticity and origin of the data often remain unverified until affected organizations investigate and respond publicly.
