SecurityWeek

Hacker Leaks Samsung Customer Data

Hacker leaks 270,000 customer tickets allegedly stolen from Samsung Germany using long-compromised credentials.

A threat actor has published approximately 270,000 customer records allegedly stolen from Samsung Germany’s ticketing system, cybersecurity firm Hudson Rock reports.

The threat actor behind the leak, who uses the name ‘GHNA’, apparently gained access to Samsung’s system using the stolen credentials of a Spectos GmbH account used for monitoring and service quality improvements.

The credentials, Hudson Rock says, were compromised in 2021, after a Spectos GmbH employee’s computer was infected with the Raccoon infostealer.

The login information was never rotated and, after lying dormant for four years, was used this year to access Samsung’s system and dump 270,000 customer tickets on the internet.

Within the leaked data, the cybersecurity firm identified personally identifiable information such as names, addresses, and email addresses, as well as transaction information, order numbers, tracking URLs, support interactions, and the communication between the customer and Samsung.

SecurityWeek has reached out to Samsung for comment and will update this article if the company responds. 

According to Hudson Rock, the leaked data could be used as part of various types of attacks, including targeted phishing, account takeover via customer support impersonation, fraud such as fake warranty claims, and physical attacks (e.g., porch pirates).

The cybersecurity firm also theorizes that, using AI, threat actors could weaponize the leaked information to identify high-value targets and generate tailored phishing attacks, such as fake support calls.

The main issue leading to this leak, Hudson Rock notes, is poor credential hygiene, which previously led to similar incidents at Jaguar Land Rover, Schneider Electric, and Telefonica.

“Infostealers aren’t a trending threat—they’re a slow burn that explodes when you least expect it. Companies can’t just patch and pray; they need to hunt down stolen creds proactively,” the cybersecurity firm says.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
