
Cyber Incident Victim: SAP.com

Date: Dec 2020

Location: United States of America

Summary

A data breach broker offered stolen user records from Hybris.com (SAP.com) among 26 companies, with 4 million records identified as SAP client data. The incident formed part of a larger sale totaling 368.8 million compromised records across multiple organizations. While the broker actively marketed the datasets on hacker forums, the specific breach method and SAP's direct response were not disclosed in available reports. The compromised data's inclusion in the sale indicated unauthorized access, though no further technical details or confirmed misuse of the SAP-related information were documented.


Description

In December 2020, a data breach broker advertised the sale of 368.8 million user records allegedly stolen from twenty-six companies on a hacker forum, as reported by BleepingComputer. Among these companies was Hybris.com (SAP.com), with 4 million user records listed for sale. The broker categorized Hybris.com's data as "SAP client data," though the listing did not specify whether this breach was newly discovered or previously disclosed. The incident formed part of a broader campaign where threat actors compromised organizations and collaborated with brokers to monetize stolen databases through dark web marketplaces. The Hybris.com entry appeared alongside major breaches like Juspay.in (100 million records) and Netlog.com (53 million records), though the article did not detail the specific intrusion methods or timelines for Hybris.com's compromise.


BleepingComputer's investigation revealed varying responses from affected companies, but no statement from SAP or Hybris.com was included in the report. The article confirmed eight previously undisclosed breaches among the twenty-six companies, though Hybris.com was not listed among those new cases. Samples from other breaches typically contained login credentials, hashed passwords, and personal identifiers, suggesting similar data types might have been exposed in the Hybris.com incident. The broker had not publicly disclosed pricing for Hybris.com's data at the time of reporting, unlike Teespring.com ($3,800–$4,000) or MyON.com ($2,800). BleepingComputer advised users of all impacted platforms to reset passwords and adopt unique credentials for each service, though no Hybris.com-specific mitigation guidance or victim reports were documented. The broader incident highlighted recurring challenges in breach disclosure, exemplified by Teespring.com’s delayed and obscured notification to users.
