Massive data leak at Samsung Germany: around 270,000 customer service tickets were apparently posted on the Internet by a hacker using the pseudonym “GHNA”. The incident could probably have been prevented with basic security measures.
The data set is circulating on the darknet platform BreachForums. It contains names, addresses, emails, order data and internal communication. The astonishing thing: according to the cybersecurity company Hudson Rock, the access relied on login data that had already been captured by malware in 2021. “The compromised credentials have been in our database for years,” explains Hudson Rock CTO Alon Gal. According to Hudson Rock, the data is a detailed – and sensitive – snapshot of Samsung Germany’s customer base. “This isn’t just a list of names – it’s a roadmap of people’s lives. From their exact address to the TV they bought three years ago, it’s all there for anyone to see,” Gal writes.
A treasure trove for fraudsters
The published data has also been verified by Cybernews security researchers and apparently comes from the samsung-shop.spectos.com portal. In contrast to many other leaks, the data is not being sold on the darknet, but is available openly and free of charge – a fact that makes it particularly dangerous.
Well-known security vulnerability remains unresolved
The data leak could easily have been prevented. Hudson Rock has linked the incident to credentials stolen in an infostealer infection in 2021. According to the analysis, the credentials were taken from the computer of an employee of Spectos GmbH, a German company that operates customer experience platforms, including Samsung Germany’s service ticketing system.
The compromised credentials had apparently not been updated for years. They gave GHNA administrative access to the backend of Samsung’s ticketing platform. This allowed the attacker to exfiltrate an extensive archive of customer interactions.