A risk actor often called ShinyHunters is claiming to be promoting an enormous trove of Santander Financial institution knowledge, together with info for 30 million prospects, staff, and checking account knowledge, two weeks after the financial institution reported an information breach.
ShinyHunters is understood for promoting and leaking knowledge from quite a few firms over time, together with this week’s alleged huge Ticketmaster knowledge breach impacting 560 million folks.
They’re additionally the proprietor of BreachForums, a infamous on-line neighborhood trafficking within the sale and leaking of stolen knowledge which has survived a number of legislation enforcement takedowns over the previous couple of years
Two weeks in the past, Spain’s largest financial institution, Santander, disclosed an information breach after detecting unauthorized entry to a database hosted by a third-party supplier.
The corporate’s investigation decided that the risk actor accessed knowledge for workers and prospects in Chile, Spain, and Uruguay.
“Following an investigation, we have now confirmed that certain information relating to customers of Santander Chile, Spain and Uruguay, as well as all current and some former Santander employees of the group had been accessed,” reads a assertion from Santander.
“Customer data in all other Santander markets and businesses are not affected.”
Quick ahead two weeks, and as first noticed by Darkish Net Informer, ShinyHunters is now claiming to promote the information for Santander prospects in Chile, Spain, and Uruguay for $2 million, the identical knowledge the financial institution reported was stolen.
ShinyHunters claims that the stolen knowledge comprises the private info of 30 million prospects and staff, 28 million bank card numbers, and 6 million account numbers and balances.
As a part of the sale itemizing, the risk actor additionally shared samples of the information that comprises the listed info however can’t be confirmed to belong to Santander.
This itemizing comes quickly after the FBI seized BreachForums on Might fifteenth, which was operated by ShinyHunters and one other risk actor often called Baphomet.
Whereas ShinyHunters says that Baphomet was arrested, he rapidly restored the BreachForums web site from a backup to a brand new area.
Since then, the risk actor posted the sale of Ticketmaster and Santander, which some really feel was achieved to revive the fame of the positioning after its takedown by legislation enforcement.
Nonetheless, what makes these gross sales uncommon is that each have been first listed on the Russian-speaking Exploit hacking discussion board days earlier than they have been listed on the newly-restored BreachForums.
These gross sales have been listed beneath the accounts of latest members, with no reference to BreachForums or ShinyHunters, making others imagine the sale on BreachForums is a pretend.
Nonetheless, ShinyHunters has generally acted as an information breach dealer for different risk actors previously, and it’s not unusual for these risk actors to create new aliases on numerous boards to promote stolen knowledge.
Whereas TicketMaster has not confirmed whether or not an information breach occurred, ShinyHunters has a fame for promoting legitimate knowledge breaches previously.
In 2021, Shiny Hunters claimed to be promoting the stolen knowledge of 73 million AT&T prospects, which the corporate repeatedly denied to BleepingComputer.
“I don’t care if they don’t admit. I’m just selling,” ShinyHunters informed BleepingComputer on the time.
In 2024, after the AT&T knowledge was leaked on a hacking discussion board, AT&T lastly confirmed that the information was legit and that that they had suffered a breach.
Previously, ShinyHunters has breached or leaked the information for quite a few firms, together with Wattpad, Tokopedia, Microsoft’s GitHub account, BigBasket, Nitro PDF, Pixlr, TeeSpring, Promo.com, Mathway, and many extra.