-
A dark web forum member has allegedly put up for sale a database of roughly 728,000 customer records traced to suzhouyou.com, a Chinese website.
-
The dataset reportedly contains sensitive customer details spanning contacts, support tickets, and order records, making it a highly organized and potentially damaging leak.
-
Cybersecurity monitoring account @Cyberfeeddigest flagged the listing, though neither suzhouyou.com nor Chinese authorities have issued any official response.
A dark web forum member has allegedly placed a database of approximately 728,000 customer records from suzhouyou.com up for sale.
The cybersecurity monitoring account @Cyberfeeddigest surfaced and shared the listing, which appeared just four hours before the report went live.
The dataset reportedly includes customer contacts, email addresses, and phone numbers; personal details that could fuel fraud, phishing, and targeted attacks on a massive scale.
VIP Forum Member Posts the Alleged Database
The seller holds VIP status on the dark web forum where the listing appeared. Their profile shows 72 posts across 61 threads, with the account joining the platform in October 2025, making it five months active at the time of the post. The account carries a reputation score of -4.
In the listing, the seller describes the dataset as “fresh and organised across 3 main sections,” pitching it to buyers as valuable for “research, analysis, or understanding the structure of China’s relevant sector.” The seller also provided sample URLs hosted on gofile.io as proof of access, though portions of those links remained partially obscured in the available screenshot.
The framing is deliberate. Packaging stolen data under the guise of “research” is a well-known tactic on dark web marketplaces; it lowers the perceived risk for buyers while keeping the listing active longer before moderators or researchers flag it.
What the Alleged Dataset Contains
The listing organizes the alleged data into three interconnected sections, each targeting a different layer of customer information.
The Contacts section reportedly holds detailed customer profile data. Fields listed include full name, phone number, email address, birth date, gender, preferred language, timezone, region code, LinkedIn profile, Twitter handle, marketing opt-in status, a do-not-call flag, secondary email, fax number, mobile number, referral source URL, account tier, contact status, assigned sales representative, last contacted date, contact owner team, and preferred contact method; among others.
The Support Tickets section allegedly captures customer-submitted support conversations and logs. Exposed fields reportedly cover ticket ID, issue description, support response, ticket status, priority level, assigned agent, escalation level, SLA due date, resolution time, customer satisfaction score, root cause code, internal notes, response time in minutes, ticket source campaign, customer feedback, and urgency flags.
The third section covers Order Requests; customer order records submitted directly on the platform. The seller lists fields such as order type, order status, order date, expected delivery date, payment method, total amount, currency, sales channel, shipping address, billing address, discount applied, tax amount, shipping cost, tracking number, delivery status, order fulfilment centre, special instructions, customer comments, and an order cancellation flag.
Taken together, the three sections paint a deeply detailed picture of each customer; their identity, their communication history with the company, and their purchasing behavior. That combination is precisely what makes this kind of dataset so attractive to cybercriminals.
No Confirmation Yet from Suzhouyou.com
@Cyberfeeddigest flagged the listing and brought it to public attention, but suzhouyou.com has not released any official statement. Chinese authorities have also made no public reference to the alleged breach.
Independent verification of the dataset’s authenticity, the actual record count, and whether any transaction has already taken place remains unavailable at this time.
The seller’s use of sample data as proof of access is a standard move in dark web marketplaces. It signals to buyers that the goods are real without giving away the full dataset before payment. Whether the data is genuine or inflated remains unconfirmed.
What is clear is that customer data breaches are happening with alarming frequency, from Integra Credit’s 134,000 exposed phone numbers to suzhouyou.com’s alleged 728,000 records, and the dark web is where this stolen information finds its buyers.
What is clear is this: if the breach holds up, hundreds of thousands of Chinese customers could face serious exposure, and suzhouyou.com has yet to say a word.
