02 June 2024

ShinyHunters claims Santander breach, selling data for 30M customers

The bank — which employs 200,000 people worldwide, including around 20,000 in the UK — has confirmed data has been stolen.
Some experts have said ShinyHunters' claims should be treated with caution, as they may be a publicity stunt.

Santander staff and '30 million' customers hacked

Joe Tidy,Cyber correspondent
Hackers are attempting to sell what they say is confidential information belonging to millions of Santander staff and customers.
They belong to the same gang which this week claimed to have hacked Ticketmaster.
The bank — which employs 200,000 people worldwide, including around 20,000 in the UK — has confirmed data has been stolen.
Santander has apologized for what it says is "the concern this will understandably cause" adding it is "proactively contacting affected customers and employees directly." It told the BBC that "UK customer data was not affected or lost in the hack".
"Following an investigation, we have now confirmed that certain information relating to customers of Santander Chile, Spain and Uruguay, as well as all current and some former Santander employees of the group had been accessed," it said in a statement posted earlier this month.
"No transactional data, nor any credentials that would allow transactions to take place on accounts are contained in the database, including online banking details and passwords."
It said its banking systems were unaffected so customers could continue to "transact securely."

In a post on a hacking forum — first spotted by researchers at Dark Web Informer — the group calling themselves ShinyHunters posted an advert saying they had data including

  • 30 million people’s bank account details
  • 6 million account numbers and balances
  • 28 million credit card numbers
  • HR information for staff

Santander has not commented on the accuracy of those claims.

ShinyHunters have previously sold data confirmed to have been stolen from US telecoms firm AT&T.
  • The gang is also selling what it says is a huge amount of private data from Ticketmaster.
  • The Australian government says it is working with Ticketmaster to address the issue. The FBI has also offered to assist.
  • Some experts have said ShinyHunters' claims should be treated with caution, as they may be a publicity stunt.
However, researchers at cyber-security company Hudson Rock claim that the Santander breach and the apparent Ticketmaster one are linked to a major ongoing hack of a large cloud storage company called Snowflake.
Hudson Rock says it has spoken to the perpetrators of the alleged Snowflake hack - who claim that they gained access to its internal system by stealing the login details of a member of Snowflake staff.
  • In a statement on Friday, Snowflake said it was aware of “potentially unauthorized access” to a “limited number” of customer accounts.
  • It said it appeared hackers had used login information to access a demo account owned by a former Snowflake employee.
  • That account "did not contain sensitive data," the company said.
"We have no evidence suggesting this activity was caused by any vulnerability, misconfiguration, or breach of Snowflake’s product," it added.
_____________________________________________________________________

Macron Puts French Banks in Play With Plan to Transform Europe

The French President signals he’d be open to cross-border bank M&A as he sets out the case for a transformative shift in the continent’s economic model

Macron Puts French Banks in Play With Plan to Transform Europe | Financial  Post
___________________________________________________________________________
Santander hit by massive cyberattack: All staff and '30million' customers  have personal data stolen by gang 'behind Ticketmaster hack' | Daily Mail  Online

Santander hit by massive cyberattack: All staff and '30million' customers have personal data stolen by gang 'behind Ticketmaster hack'

  • Have YOU been affected? Email elizabeth.haigh@mailonline.co.uk 

Hackers are attempting to sell personal data of all Santander staff and up to 30 million customers in the latest reported theft by cybercrime gangs.

A group calling themselves the ShinyHunters posted an advert on the dark web claiming to have information including HR personal data, bank account details, credit card numbers and account balances. 

The group this week also claimed responsibility for a hack of Ticketmaster.

Santander, which employs 20,000 people in the UK and a total of 200,000 worldwide, has confirmed the data has been stolen. 

The bank has apologized for 'the concern this will understandably cause' and said it is currently in the process of contacting affected customers and employees. 

ShinyHunters posted on the dark web claiming to have access to data including 30 million people's bank account information, 28 million credit card numbers and six million account numbers and balances, the BBC reports.

x

Santander customers' private data put up for sale for $2m by hackers |  Banco Santander | The Guardian

RELATED
LATEST ARTICLES IN BLEEPING COMPUTER

No comments:

THIS YEAR'S CHEESE WINNERS

The 4,786 cheeses were marked on four categories - visuals; body and texture; aroma; flavour and mouthfeel - and were evaluated by 240 judge...