Data leak: 270,000 Samsung customer tickets on the darknet
Criminals were able to access 270,000 data records from Samsung Germany's support database. These are now for sale on the darknet.
(Image: Bild erstellt mit KI in Bing Designer durch heise online / dmk)
Around 270,000 customer records from Samsung Electronics Germany have surfaced on the darknet. After a break-in, criminals were able to copy this data from Samsung's support system.
(Image:Â Screenshot / cku)
The user with the handle “GHNA” offered the data for sale in a well-known underground forum. The perpetrator wants eight credits, the equivalent of two euros, for it. According to the darknet forum entry, the data should include customer satisfaction tickets and include full names, addresses and associated email addresses and more.
Data stolen from service providers
The IT security company Hudson Rock, which specializes in the collection and analysis of such data thefts, attributes the break-in to access data stolen using Infostealer. In 2021, the log-in data was stolen from a computer belonging to an employee of Spectos GmbH, which operates customer experience platforms, including Samsung's service ticket system with the URL http://samsung-shop.spectos.com.
Videos by heise
The access data to an administrative account had apparently not been changed for four years and could now be misused for extensive data theft. According to Hudson Rock, the company had the credentials in its data leak database, and they were leaked by the Raccoon Infostealer. The data copied from the ticket system is said to include email addresses, names, and addresses, as well as order details and internal communications. The data archive is said to contain customer interactions mainly from the current year 2025.
Cybercriminals can use the leaked data to launch convincing phishing campaigns, submit fake warranty claims or commit other crimes that require identity theft. Anyone who has recently been in contact with Samsung's support team should therefore be on their guard.
Samsung did not immediately respond to a request from heise online for confirmation of the data leak and the authenticity of the data. If there is an answer, it will be provided here.
Data leaks in several Apple iOS dating apps came to light on the weekend. Around 1.5 million private user photos from the BDSM People, Chica, Translove, Pink and Brish apps had been compromised. These included images with “explicit content” that users had sent to each other privately. The cause was that the provider M.A.D. Mobile Apps Developers published API keys, passwords, and encryption keys together with the source code of the apps.
(dmk)
