What Happened
In late 2025, Anka Africa (formerly Afrikrea), an Ivory Coast-based e-commerce platform serving over 500,000 users across Africa for artisan sales, shipping, and payments, suffered a major data breach where hackers stole a 12.1 GB database containing 537,877 user records, including names, emails, phone numbers, dates of birth, usernames, genders, account metadata, and critically, live authentication tokens enabling instant account takeovers without passwords. The data was put up for sale on dark web forums shortly after Global Shop Group’s acquisition, with samples verified as authentic and recent by researchers, highlighting risks of session hijacking, identity theft, phishing, and financial fraud amid Africa’s rapid digitization outpacing cybersecurity. ANKA (operated by GSPlatformCo Inc.) officially disclosed the incident in early 2026, describing it as unauthorized access to a non-core system holding an April 2025 snapshot of basic profile details, contact info, demographics, account status, and transaction history—but explicitly denying exposure of passwords, payment data, or tokens—and notified regulators like Maine AG while urging phishing vigilance; this has sparked class action investigations affecting 537,877 people.
