Samsung Germany Data Breach: 270,000 Customer Service Tickets Exposed

Approximately 270,000 Samsung Germany customer service tickets have been leaked onto the public internet, exposing sensitive customer information and communications.

The breach originated from compromised credentials belonging to an employee of Spectos GmbH, a third-party IT service provider that manages Samsung Germany’s customer service ticketing system. According to cybersecurity firm Hudson Rock, the credentials were initially stolen in 2021 by the Raccoon infostealer malware but remained unused for nearly four years.

“A hacker going by the alias ‘GHNA’ has dumped a staggering 270,000 customer tickets from Samsung Germany online, completely free of charge. The data, which appears to be sourced from samsung-shop.spectos.com, didn’t come from some sophisticated zero-day exploit or insider betrayal. No, this breach traces back to credentials stolen by infostealers way back in 2021. Credentials that cybercrime intelligence firm, Hudson Rock, has had in its database for years. This could’ve been prevented, but instead, it’s now a treasure trove for cybercriminals worldwide,” the researchers said.

The threat actor “GHNA” used the stolen credentials to access the samsung-shop[.]spectos[.]com ticketing system and subsequently released the customer service data.

“This isn’t just a list of names – it’s a roadmap to people’s lives. From exact addresses to what TV they bought three years ago, it’s all there, dumped for anyone to grab,” said Alon Gal, Hudson Rock’s co-founder and chief technology officer.

What makes this breach particularly concerning is that the leaked data is being distributed freely online, making it accessible to anyone with malicious intent.

Cybernews researchers said they verified the authenticity and recency of the data, which includes customers’ full names, email addresses, home addresses, order numbers, ticket IDs, and Samsung agent emails.

Security experts warn that the exposed information could be exploited in multiple ways:

  • Targeted physical theft: With access to delivery schedules, addresses, and tracking information, criminals could target valuable Samsung deliveries.
  • Sophisticated phishing campaigns: Armed with detailed purchase histories and personal information, scammers could craft highly convincing phishing emails that appear to come from Samsung.
  • Fraudulent warranty claims: Order numbers could be used to submit false warranty claims.
  • Account takeovers: Support ticket details could enable impersonation attacks where criminals trick customers into providing passwords or two-factor authentication codes.

“Infostealers don’t need to brute-force their way in; they just wait for human error to hand them the keys. And when companies fail to monitor or rotate credentials, it’s game over,” said Hudson Rock.

The cybersecurity firm also warned that artificial intelligence tools could amplify the damage, allowing even low-skilled attackers to weaponize this data at scale.

“Hackers will go from manual cherry-picking to hitting thousands of victims daily. With ‘GHNA’ handing this out for free, any script kiddie with a GPT knockoff could turn it into a payday. That’s the future we’re staring at,” said Hudson Rock.

This marks Samsung’s second major cybersecurity incident in recent years. In 2023, the company faced scrutiny when employees inadvertently leaked sensitive code through ChatGPT, prompting Samsung to implement a company-wide ban on generative AI tools.