A hacker has leaked 270,000 customer records from Samsung Germany’s ticketing system. The data was stolen using credentials compromised in a 2021 malware attack on a third-party company, Spectos GmbH. The stolen credentials belonged to a Spectos GmbH employee whose computer was infected with an infostealer malware called Raccoon.
Despite being compromised four years ago, the credentials were never changed. This year, a threat actor named “GHNA” used the stolen credentials to access Samsung’s system and dump customer data online. The leaked information includes names, addresses, email addresses, transaction details, order numbers, tracking URLs, support interactions, and customer communications with Samsung.
Alon Gal, co-founder and CTO of cybersecurity firm Hudson Rock stated, “From exact addresses to what TV they bought three years ago, it’s all there, dumped for anyone to grab—and since it’s free, the barrier to entry for exploitation is zero.
Hudson Rock analysts have confirmed the authenticity of the data.
Customer data breach impacts Samsung Germany
Gal remarked, “The worst part is that Hudson Rock flagged those stolen credentials in a threat intelligence database years ago.
Samsung could’ve acted, but they didn’t, and now the damage is done.”
The leaked data could be used for malicious activities, such as targeted phishing, account takeover, fraud, and even physical attacks like porch piracy. Hudson Rock also warns that threat actors could use AI to identify high-value targets and generate personalized phishing attacks. The cybersecurity firm emphasizes the importance of proactive measures to hunt down stolen credentials, stating, “Infostealers aren’t a trending threat—they’re a slow burn that explodes when you least expect it.
Companies can’t just patch and pray; they must proactively hunt down stolen creds.”
Samsung has acknowledged the breach, with a spokesperson saying, “Samsung has been made aware of a data breach impacting one of our system partners in Germany. We take the security of customer data extremely seriously and are working to assess the extent of the incident.
Hudson Rock continues to monitor the situation and provide updates as new information becomes available. This incident highlights the ongoing threat of cyberattacks and the critical need for businesses to implement robust cybersecurity measures to protect customer data.
Johannah Lopez is a versatile professional who seamlessly navigates two worlds. By day, she excels as a SaaS freelance writer, crafting informative and persuasive content for tech companies. By night, she showcases her vibrant personality and customer service skills as a part-time bartender. Johannah's ability to blend her writing expertise with her social finesse makes her a well-rounded and engaging storyteller in any setting.
