Evaly hacked. Hacker demands contact from employees

The website of Evaly, a controversial Bangladeshi e-commerce platform, appeared to have been compromised on 24 May, with a message allegedly left by a hacker claiming possession of the platform's customer data and demanding contact from company staff.

As of the morning of 24 May 2025, visitors to Evaly's website were greeted by a stark message in capital letters reading, "HACKED, I HAVE ALL CUSTOMER DATA. EVALY STAFF PLEASE CONTACT [email protected]." 

The message also contained an ultimatum threatening to release the data publicly if the individual behind the breach is not contacted. "OR ELSE I WILL RELEASE THIS DATA TO THE PUBLIC," it read.

The extent of the breach, including what specific data may have been accessed or whether it includes sensitive financial or personal information, has not yet been independently verified. Evaly has not issued a formal statement regarding the incident.

The hacking incident follows renewed legal scrutiny of the company and its founders. Just weeks earlier, on 13 April 2025, Bangladesh Sangbad Sangstha (BSS), the state-run news agency, reported that a Dhaka court had sentenced Evaly's managing director, Mohammad Rassel, and chairperson, Shamima Nasrin, to three years of rigorous imprisonment in a fraud case.

The verdict was delivered by Dhaka Metropolitan Magistrate M Misbah Ur Rahman, who also imposed fines of Tk 5,000 each on the defendants. Arrest warrants were issued after the ruling. 

According to BSS, the case was filed by a customer, Md Rajib, who claimed to have paid BDT 12.37 lakh for five motorcycles that were never delivered. The purchase had been made through Evaly's online platform, which was known for its aggressive marketing campaigns and promises of steep discounts.