Samsung Germany has apparently suffered a massive data breach, with approximately 270,000 customer records currently being offered for sale on a dark web forum. A criminal hacker using the pseudonym “GHNA” claims to have recently copied this data from from Samsung Electronics Germany’s support system.
According to the dark web post, the leaked data sets contain names, addresses, emails, order data, and internal communications. Security specialist Hudson Rock, which analyzed the breach, finding that initial access was gained via login credentials stolen by an infostealer in 2021.
Attack via IT service provider
At that time, the login credentials were stolen from the computer of an employee of IT service provider Spectos, which offers software to monitor and improve service quality. It is linked to Samsung’s German ticket system at samsung-shop.spectos.com. Apparently, the compromised credentials had not been updated for years.
Cybercriminals are increasingly leveraging legitimate identity access across their attack chains to access systems and remain undetected once inside. That the previously leaked login credential remained valid for four years is notable. “Samsung could’ve acted, but they didn’t, and now the damage is done,” Hudson Rock researchers wrote in their report.
In response to a query from CSO, Samsung Germany confirmed: “An incident involving unauthorized access to customer data occurred on an IT system belonging to one of Samsung’s business partners in Germany.” However, all further questions remain unanswered. The company stated that it is currently investigating the extent of the incident.
This isn’t the first cyber incident at Samsung. In 2022, the systems at Samsung’s US site were hacked. Then, too, attackers managed to steal personal data.