A menace actor generally known as ShinyHunters is claiming to be promoting a large trove of Santander Financial institution information, together with data for 30 million prospects, staff, and checking account information, two weeks after the financial institution reported a data breach.
ShinyHunters is thought for promoting and leaking information from quite a few corporations over time, together with this week’s alleged huge Ticketmaster data breach impacting 560 million individuals.
They’re additionally the proprietor of BreachForums, a infamous on-line neighborhood trafficking within the sale and leaking of stolen information which has survived a number of regulation enforcement takedowns over the previous couple of years
Two weeks in the past, Spain’s largest financial institution, Santander, disclosed a data breach after detecting unauthorized entry to a database hosted by a third-party supplier.
The corporate’s investigation decided that the menace actor accessed information for workers and prospects in Chile, Spain, and Uruguay.
“Following an investigation, we now have now confirmed that sure data referring to prospects of Santander Chile, Spain and Uruguay, in addition to all present and a few former Santander staff of the group had been accessed,” reads a press release from Santander.
“Buyer information in all different Santander markets and companies usually are not affected.”
Quick ahead two weeks, and as first noticed by Darkish Internet Informer, ShinyHunters is now claiming to promote the information for Santander prospects in Chile, Spain, and Uruguay for $2 million, the identical information the financial institution reported was stolen.
Supply: BleepingComputer
ShinyHunters claims that the stolen information accommodates the private data of 30 million prospects and staff, 28 million bank card numbers, and 6 million account numbers and balances.
As a part of the sale itemizing, the menace actor additionally shared samples of the information that accommodates the listed data however can’t be confirmed to belong to Santander.
This itemizing comes quickly after the FBI seized BreachForums on Could fifteenth, which was operated by ShinyHunters and one other menace actor generally known as Baphomet.
Whereas ShinyHunters says that Baphomet was arrested, he shortly restored the BreachForums website from a backup to a brand new area.
Since then, the menace actor posted the sale of Ticketmaster and Santander, which some really feel was accomplished to revive the repute of the positioning after its takedown by regulation enforcement.
Nevertheless, what makes these gross sales uncommon is that each had been first listed on the Russian-speaking Exploit hacking discussion board days earlier than they had been listed on the newly-restored BreachForums.
Supply: Kela
These gross sales had been listed beneath the accounts of recent members, with no reference to BreachForums or ShinyHunters, making others consider the sale on BreachForums is a faux.
Nevertheless, ShinyHunters has generally acted as a data breach dealer for different menace actors prior to now, and it isn’t unusual for these menace actors to create new aliases on numerous boards to promote stolen information.
Whereas TicketMaster has not confirmed whether or not a data breach occurred, ShinyHunters has a repute for promoting legitimate data breaches prior to now.
In 2021, Shiny Hunters claimed to be promoting the stolen information of 73 million AT&T prospects, which the corporate repeatedly denied to BleepingComputer.
“I do not care if they do not admit. I am simply promoting,” ShinyHunters advised BleepingComputer on the time.
In 2024, after the AT&T information was leaked on a hacking discussion board, AT&T lastly confirmed that the information was legit and that they’d suffered a breach.
Previously, ShinyHunters has breached or leaked the information for quite a few corporations, together with Wattpad, Tokopedia, Microsoft’s GitHub account, BigBasket, Nitro PDF, Pixlr, TeeSpring, Promo.com, Mathway, and lots of extra.
