{"id":2602,"date":"2025-04-02T22:16:48","date_gmt":"2025-04-02T22:16:48","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=2602"},"modified":"2025-04-02T22:16:48","modified_gmt":"2025-04-02T22:16:48","slug":"years-old-login-credential-leads-to-leak-of-270000-samsung-customer-records","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=2602","title":{"rendered":"Years-old login credential leads to leak of 270,000 Samsung customer records"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>Samsung Germany has apparently suffered a massive data breach, with approximately 270,000 customer records currently being offered for sale on a dark web forum. A criminal hacker using the pseudonym \u201cGHNA\u201d claims to have recently copied this data from Samsung Electronics Germany\u2019s support system.<\/p>\n<p>According to the dark web post, the leaked data sets contain names, addresses, emails, order data, and internal communications. Security specialist\u00a0<a href=\"https:\/\/www.infostealers.com\/article\/samsung-tickets-data-leak-infostealers-strike-again-in-massive-free-dump\/\">Hudson Rock,<\/a>\u00a0which analyzed the breach, found that initial access was gained via login credentials stolen by an infostealer in 2021.<\/p>\n<h2 class=\"wp-block-heading\">Attack via IT service provider<\/h2>\n<p>At that time, the login credentials were stolen from the computer of an employee of IT service provider Spectos, which offers software to monitor and improve service quality. It is linked to Samsung\u2019s German ticket system at samsung-shop.spectos.com. 
Apparently, the compromised credentials had not been updated for years.<\/p>\n<p>Cybercriminals are <a href=\"https:\/\/www.csoonline.com\/article\/3952041\/malicious-actors-increasingly-put-privileged-identity-access-to-work-across-attack-chains.html\">increasingly leveraging legitimate identity access<\/a> across their attack chains to access systems and remain undetected once inside. That the previously leaked login credential remained valid for four years is notable. \u201cSamsung could\u2019ve acted, but they didn\u2019t, and now the damage is done,\u201d Hudson Rock researchers wrote in their report.<\/p>\n<p>In response to a query from CSO, Samsung Germany confirmed: \u201cAn incident involving unauthorized access to customer data occurred on an IT system belonging to one of Samsung\u2019s business partners in Germany.\u201d However, all further questions remain unanswered. The company stated that it is currently investigating the extent of the incident.<\/p>\n<p>This isn\u2019t the first cyber incident at Samsung. In\u00a02022, <a href=\"https:\/\/www.csoonline.com\/article\/573559\/samsung-reports-second-data-breach-in-6-months.html\">the systems at Samsung\u2019s US site were hacked<\/a>. Then, too, attackers managed to steal personal data.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Samsung Germany has apparently suffered a massive data breach, with approximately 270,000 customer records currently being offered for sale on a dark web forum. A criminal hacker using the pseudonym \u201cGHNA\u201d claims to have recently copied this data from Samsung Electronics Germany\u2019s support system. 
According to the dark web post, the leaked data sets [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":2603,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-2602","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/2602"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2602"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/2602\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/2603"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2602"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2602"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2602"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}