Samsung Germany has apparently suffered a massive data breach, with approximately 270,000 customer records currently being offered for sale on a dark web forum. A criminal hacker using the pseudonym “GHNA” claims to have recently copied this data from from Samsung Electronics Germany’s support system.
According to the dark web post, the leaked data sets contain names, addresses, emails, order data, and internal communications. Security specialist Hudson Rock, which analyzed the breach, finding that initial access was gained via login credentials stolen by an infostealer in 2021.
Attack via IT service provider
At that time, the login credentials were stolen from the computer of an employee of IT service provider Spectos, which offers software to monitor and improve service quality. It is linked to Samsung’s German ticket system at samsung-shop.spectos.com. Apparently, the compromised credentials had not been updated for years.