The criminal hacking group ShinyHunters claims it has stolen information, including bank and credit card numbers and staff HR details, from 30 million customers and employees. The stolen information includes bank account data. The hackers belong to the same gang that recently hacked Ticketmaster. The hackers are now trying to sell what they claim is confidential information belonging to millions of Santander’s employees and customers.
Santander, which employs 200,000 staff worldwide, has confirmed that the data has been stolen, and some is now on the Dark Web for sale. The bank has apologized for what it says is "the concern this will understandably cause," adding it is "proactively contacting affected customers and employees directly."
"Following an investigation, we have now confirmed that certain information relating to customers of Santander Chile, Spain, and Uruguay, as well as all current and some former Santander employees of the group, had been accessed," it said in a recent statement. "No transactional data, nor any credentials that would allow transactions to take place on accounts are contained in the database, including online banking details and passwords."
It said its banking systems were unaffected so customers could continue to "transact securely."
In a post on a hacking forum reported by researchers at Dark Web Informer, the group who call themselves ShinyHunters posted an advert saying they had data including:
- 30 million people’s bank account details
- 6 million account numbers and balances
- 28 million credit card numbers
- HR information for staff
The data, which includes hashed credit card numbers, the last four digits of credit cards, expiration dates, fraud details, customer names, addresses, emails, ticket, and event information details, is now being sold on the dark web with a new wave of credit card fraud to be expected.
ShinyHunters has previously been linked to data stolen from AT&T, and the same criminal group is presently offering for sale the private data of what it claims are over 500 million Ticketmaster customers.
According to reports, researchers first posted that the Santander breach and the apparent Ticketmaster exploit are linked to a hack at the US cloud storage company Snowflake. These reports have been firmly challenged by Snowflake, and the post has been withdrawn. Xavier Sheikrojan, Senior Risk Intelligence Manager at fraud protection platform Signifyd, commented, "... in the next few days, we are likely to see more companies hit by the cyberattack... The repercussions could last for months or even years, especially with the rise of sleeper accounts - accounts created using stolen details that initially make small, credible orders to avoid detection, only to escalate to larger abuses later...
"Businesses should stay vigilant and implement robust protective measures, such as monitoring for anomalies in behavior from their existing users and customers. Sometimes hackers only need one set of matching employee's stolen credentials to get into the company's database, so a forced reset of passwords, using strong and unique passwords, and implementing two-factor authentication can be great strategies. This not only protects the business but also safeguards loyal customers."
Signifyd is advising organizations at risk to ensure they are educated and aware of the latest data breach trends and to find ways to optimize their machine learning detection proactively. "Balancing advanced technology with human oversight will be essential in addressing the fallout from this breach," Sheikrojan says.
This article is presented at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. Our services can help detect cyber threats and vulnerabilities. For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225 or feedback@redskyalliance.com
Reporting: https://www.redskyalliance.org/
Website: https://www.redskyalliance.com/
LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5378972949933166424
Comments