A significant data breach has hit Samsung Germany as threat actor "GHNA" has released 270,000 customer support tickets for free on hacking forums.
The breach, which occurred in March 2025, exposes extensive personal and transactional data from Samsung's German operations dating primarily from 2025.
Cybersecurity experts note this breach wasn't the result of a sophisticated attack but rather credentials stolen years earlier through infostealer malware.
The incident traces back to 2021 when Raccoon Infostealer malware harvested login credentials from an employee at Spectos GmbH, the company managing Samsung Germany's ticketing system at samsung-shop.spectos.com.
According to cybercrime intelligence firm Hudson Rock, these compromised credentials remained in their tracking database for years before being exploited.
This breach represents another case of dormant stolen credentials being used long after the initial compromise.
Samsung Germany Data Breach: Exposed Customer Details
The leaked dataset contains comprehensive customer information, including:
- Personally identifiable information: Full names, email addresses (e.g., "josi_92@gmx.de"), and complete home addresses (e.g., "Trautenauer Str. 26, 85121 Dachau")
- Transaction details: Order numbers (e.g., "DE2213214-32511544"), specific model numbers (e.g., "GU52AU7299UXZG" for a Crystal UHD TV), and payment methods
- Support interactions: Ticket IDs (e.g., "230406.0095829"), agent emails, and detailed communication logs
- Tracking information: Active delivery tracking URLs (e.g., "https://myhes.de/de/tracking/xx7932321243293000")
Security researchers highlight multiple exploitation vectors enabled by this breach:
"What makes this leak particularly dangerous is its free availability," notes the analysis. "Any malicious actor can now orchestrate highly convincing phishing attacks using exact purchase details and order numbers."
Potential attack scenarios include:
- Targeted delivery theft: Using tracking URLs and address information to intercept high-value deliveries.
- Hyper-personalized phishing: Crafting emails referencing legitimate order numbers (DE321116-32511544) and exact product models.
- Fraudulent warranty claims: Exploiting order numbers and purchase dates to submit false claims.
- Support impersonation: Leveraging ticket IDs and agent information to impersonate Samsung support representatives.
The breach highlights growing concerns about AI's role in data breach exploitation. Modern language models can rapidly parse unstructured ticket data, extracting actionable information for automated attack campaigns.
The report stated that an AI can convert these 270,000 tickets into clean datasets, identify high-value targets, and generate customized phishing content at scale.
This incident follows similar breaches at Telefonica and Jaguar Land Rover, establishing a pattern of infostealer-enabled attacks. For affected customers, security experts recommend vigilance against suspicious communications referencing their Samsung purchases.
Organizations are advised to implement credential monitoring services and regular rotation of access credentials, particularly for customer data systems.
The breach underscores that sophisticated zero-day exploits aren't necessary when basic credential hygiene is overlooked.
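
The credential monitoring and rotation advice above comes down to one check, shown here as an added example (not code from the report or from Hudson Rock): match infostealer-feed records against an account inventory and flag every account whose password has not changed since the capture date. The feed layout, host names, usernames and dates are constructed assumptions.

```python
from datetime import date
from urllib.parse import urlsplit

# Constructed sample data: hosts, usernames and dates are placeholders.
MONITORED_HOSTS = {"tickets.example.com"}

STEALER_FEED = [  # hypothetical layout of a credential-monitoring feed
    {"url": "https://tickets.example.com/login", "user": "Agent1@example.com", "captured": date(2021, 6, 3)},
    {"url": "https://tickets.example.com/login", "user": "agent2@example.com", "captured": date(2021, 6, 3)},
    {"url": "https://mail.example.org/", "user": "agent1@example.com", "captured": date(2021, 6, 3)},
    {"url": "https://tickets.example.com/", "user": "ghost@example.com", "captured": date(2022, 1, 9)},
    {"url": "https://TICKETS.example.com/", "user": "agent3@example.com", "captured": date(2024, 8, 1)},
]

ACCOUNTS = {  # username -> date of last password change (None = never rotated)
    "agent1@example.com": date(2020, 11, 20),
    "agent2@example.com": date(2023, 2, 14),
    "agent3@example.com": None,
}


def still_exposed(feed, accounts, hosts, today):
    """Return (user, host, captured, dormant_days) for passwords that predate a capture."""
    findings = []
    for rec in feed:
        host = (urlsplit(rec["url"]).hostname or "").lower()
        user = rec["user"].strip().lower()
        if host not in hosts or user not in accounts:
            continue  # different service, or the account no longer exists
        changed = accounts[user]
        # No recorded rotation, or a rotation on/before the capture date, means
        # the password in the stealer log may still be the live one.
        if changed is None or changed <= rec["captured"]:
            dormant = (today - rec["captured"]).days
            findings.append((user, host, rec["captured"], dormant))
    # Longest-dormant credentials first: these have been usable the longest.
    return sorted(findings, key=lambda f: f[3], reverse=True)


if __name__ == "__main__":
    for user, host, captured, dormant in still_exposed(
        STEALER_FEED, ACCOUNTS, MONITORED_HOSTS, date(2025, 3, 30)
    ):
        print(f"ROTATE NOW: {user} on {host}, captured {captured}, dormant {dormant} days")
```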