
After a hacker dumped hundreds of thousands of customer tickets from Samsung Germany online, cybercrime experts are pointing out that the hack-and-leak operation was entirely preventable.
The leak of around 270,000 Samsung Germany customer tickets, apparently sourced from samsung-shop.spectos.com and dumped online by the hacker “GHNA,” is seemingly unrelated to any zero-day exploit or an insider job.
According to cyberintelligence firm Hudson Rock, the breach is connected to credentials stolen by infostealers back in 2021. The company has actually had these credentials in its database for years.
That’s why Alon Gal, Hudson Rock’s co-founder and chief technology officer, now says that the leak could have been prevented. Instead, it’s now a “treasure trove for cybercriminals worldwide.”
After analyzing the data, Cybernews researchers have confirmed that the dump is very real and indeed recent. Plus, it’s all completely free – this means that absolutely anyone, including threat actors, can grab the data and exploit it.
What type of Samsung data was leaked?
As verified by our team, the data includes customer first and last names, email, and home addresses. Just as importantly, transactional details such as order numbers, ticket IDs, and Samsung’s agent emails have been leaked.

In other words, these tickets aren’t just random support logs. According to Hudson Rock, they’re a detailed – and sensitive – snapshot of Samsung Germany’s customer base.
“This isn’t just a list of names – it’s a roadmap to people’s lives. From exact addresses to what TV they bought three years ago, it’s all there, dumped for anyone to grab,” Gal wrote.
The dump could become a goldmine for cybercriminals or anyone willing to play around with the data. One possibility is a physical attack.
With full addresses, order numbers, and tracking URLs, hackers could monitor delivery schedules and swoop in to steal packages like expensive TVs. Local thieves could be hired to complete the job.

A hyper-targeted phishing attack would be just as realistic. In possession of names, emails, and exact purchase details, a crook could craft phishing emails that look totally legitimate.
This is how an email could read, according to Hudson Rock: “Dear Joseph Förster, we’re processing your return for order DE321116-32511544 (GU50AV7199UXZG). Click here to confirm your refund.”
If you click, there’s a high chance your credit card number will be stolen.
Hackers could also use the order numbers to submit fraudulent warranty claims to Samsung or third-party retailers and even take over accounts via customer support impersonation.
They could trick customers into “verifying” their account by providing passwords or 2FA codes, claiming they’re needed to resolve an ongoing ticket issue like “Lieferung unvollständig” (incomplete delivery).
Samsung data can now be weaponized
Samsung Germany can probably only blame itself for any potential chaos within its customer support systems.
That’s because the credentials were harvested four years ago. In 2021, Raccoon Infostealer malware silently grabbed login credentials from an employee of Spectos GmbH, a company used for monitoring and improving service quality that is tied to Samsung's German ticketing system.
Despite Hudson Rock flagging these compromised credentials years ago in its Cavalier database, they sat idle for years until the hacker “GHNA” got their hands on them.
Now, even though Samsung could have acted, the customer tickets – most from 2025 – are on the open internet, courtesy of a simple login that never got rotated.
“Infostealers don’t need to brute-force their way in; they just wait for human error to hand them the keys. And when companies fail to monitor or rotate credentials, it’s game over,” said Hudson Rock.
The operator of the Raccoon infostealer malware-as-a-service, thought to be responsible for hundreds of thousands of infections and the compromise of millions of user credentials, was sentenced to five years in prison in late 2024. However, the operation was still very active in 2021.
AI is also a new and scary tool in the world of cybercrime these days. So even if a data dump is messy and inconsistent, it can be weaponized at scale with the help of AI.
“Hackers will go from manual cherry-picking to hitting thousands of victims daily. With ‘GHNA’ handing this out for free, any script kiddie with a GPT knockoff could turn it into a payday. That’s the future we’re staring at,” said Hudson Rock.