Cyber Incident Victim: Samsung Germany
Date: Jan 2021
Location: Germany
Summary
A threat actor stole approximately 270,000 customer support records from a German business partner's IT system, compromising names, addresses, email addresses, order details, and internal communications. The breach originated from compromised administrative credentials belonging to an employee at service provider Spectos GmbH, which were exposed via infostealer malware years prior and remained unchanged, enabling unauthorized access to Samsung's ticket system. The data was subsequently listed for sale on a darknet forum, posing risks of phishing campaigns, fraudulent warranty claims, and identity theft. The company acknowledged the unauthorized access incident involving a partner's systems and stated it was investigating the scope, though immediate confirmation of the leak's specifics was not provided.
Description
In July 2025, approximately 270,000 customer support records from Samsung Electronics Germany appeared for sale on a darknet forum under the handle "GHNA." The attacker priced the dataset at eight forum credits, equivalent to roughly two euros. According to the listing, the stolen data included customer satisfaction tickets containing full names, physical addresses, email addresses, order details, and internal communications, predominantly from interactions occurring in 2025. Cybersecurity firm Hudson Rock attributed the breach to compromised administrative credentials belonging to Spectos GmbH, a third-party vendor operating Samsung's service ticket system at samsung-shop.spectos.com. The credentials had been stolen in 2021 via the Raccoon Infostealer malware from an employee device at Spectos and remained unchanged for four years, enabling prolonged unauthorized access. Attackers exploited these credentials to extract the customer data, which Hudson Rock confirmed matched records in its breach database.

Samsung Germany initially did not respond to media inquiries about the breach but issued a brief statement on Tuesday evening acknowledging "unauthorized access to customer data" at a partner company's IT system. The company emphasized taking data security seriously and investigating the incident's scope. The exposed data creates significant risks for affected customers, including highly targeted phishing campaigns, fraudulent warranty claims, and identity theft schemes leveraging the detailed personal and transactional information. This incident occurred alongside unrelated breaches involving iOS dating apps, though no technical or attacker connection exists between the events. Samsung's statement did not disclose remediation steps, confirmation of data authenticity, or customer notification timelines.
