Someone at Samsung may need a refresh on password hygiene. A hacker reportedly breached one of the company’s databases using a login that was stolen in 2021 but never changed.
Over the weekend, a hacker called “GHNA” claimed to have stolen 270,000 customer satisfaction tickets from a Samsung database in Germany. The data, which was uploaded on a hackers’ forum, includes customers’ full names, email addresses, and physical addresses.
Cybersecurity vendor Hudson Rock, which monitors stolen passwords collected from malware and circulated among hackers, investigated samples of the stolen information. They indicate the data originated from “samsung-shop.spectos[.]com,” a domain tied to customer support provider Spectos GmbH. Hudson Rock then looked through its own library of stolen login credentials and found a set belonging to the same domain—which was looted back in 2021.
Specifically, a Windows-based Raccoon Stealer malware secretly harvested the password, likely from an employee’s computer at Spectos, the cybersecurity vendor says.
“These credentials sat dormant, until ‘GHNA’ got their hands on them,” Hudson Rock adds. “Samsung could’ve acted, but they didn’t, and now the damage is done.”
Samsung and Spectos didn’t immediately respond to a request for comment. But the findings highlight how old malware infections can haunt companies and users for years. In 2024, a hacker breached numerous accounts at cloud storage provider Snowflake by sourcing passwords from various strains of “infostealing” malware.
“Infostealers don’t need to brute-force their way in; they just wait for human error to hand them the keys,” Hudson Rock adds. “And when companies fail to monitor or rotate credentials, it’s game over.”
About Michael Kan
Senior Reporter
