Have I Been Pwned: 270,000 data records stolen from Samsung integrated

Cyber criminals have broken into a Samsung service provider and copied the support database containing customer data. 270,000 data records are said to have fallen into the hands of unauthorized persons, who offered them for sale on the darknet. Troy Hunt, who runs the Have-I-Been-Pwned project, has now been able to obtain a copy and has added it to the searchable data pool.

In the announcement in the ever-growing Havbe-I-Been-Pwned (HIBP) leak listing, Hunt writes that it is actually around 216,000 individual email addresses along with names, addresses, purchases made, salutations, tracking numbers and support tickets. The data does not appear to allow direct identity theft, but criminals can use this data to set up more professional and convincing phishing. After all, it contains the additional information that they are Samsung customers who have had problems with a device and may have sent parcels for it.

Selling the data on the darknet

Exactly two weeks ago, it became known that data had been stolen from a Samsung service provider and offered for sale in a digital underground forum. The data was copied from the service provider Spectos. Initially, a usually well-informed company called Hudson Rock claimed that the perpetrators had gained access to the systems using outdated access data.

Spectos counters this with its own analysis of the events. The attackers did not gain access through credentials that had not been changed for years, but abused a vulnerability "in a secondary server" for the initial access. This gave them access to "various areas of the cloud infrastructure"; access to the main systems was prevented.

Anyone who has opened a support case with Samsung in the recent past can check whether their own data is affected by the incident by entering their own email address on the HIBP website. However, an anecdotal test with data from a support case from just over a year ago did not return any results in the current data leak.

(dmk)