The same pseudo-hacker who recently took credit for a fake NordVPN data breach now claims to have penetrated the Dutch chip component behemoth ASML. However, the Cybernews research team believes the attacker is once again full of hot air.
-
Data leak forum user falsely claimed to leak 154 databases from chipmaker ASML.
-
Cybernews researchers analyzed the data and confirmed the ASML breach claims appear to be fake.
-
The same attacker previously made false claims about breaching NordVPN using similar tactics.
-
Scammers likely post fake breaches to earn forum credits for purchasing legitimate stolen data later.
The attacker, nicknamed 1011, announced the alleged data breach on a popular data leak forum, often utilized to exchange stolen details. The claims were hardly modest, as 1011 said that they would leak 154 databases owned by ASML.
ASML is an essential part of the global microchip-making industry, as the Dutch company is the sole producer of Extreme Ultraviolet (EUV) lithography machines. The company’s reported revenue exceeded $33 billion last year.
Meanwhile, ASML shared a statement with Cybernews, which explained that the company is aware of the attacker claims and denied their credibility.
“ASML is aware of a post published on BreachForums on January 6, 2026, which alleges the exposure of company information,” the company said in a statement.
According to 1011, the supposedly leaked databases included disk encryption keys, user information, and data related to software and devices. If the claim were true, the implications of the breach would be massive, as the attacker could access highly sensitive ASML data and move laterally within the company’s systems.
However, the Cybernews research team investigated the alleged data leak, deducing that the information 1011 is peddling is, in fact, useless. According to the team, the data was dumped from a server with no verifiable link to ASML, no encryption keys were present, and only one default admin user was included.
Our researchers noted that 1011 is the same attacker who announced the data breach of NordVPN earlier this week. The company has since denied losing any information, with representatives calling the claims “false.”
Similar to the fake ASML data breach, the attacker threatened to leak numerous sensitive databases.
“It is interesting that this user still hasn't been banned from the forum for scamming. This situation shows that there isn't really any moderation on the forum at the moment, which is not the usual state of affairs,” the team explained.
There are numerous reasons why attackers would post useless data. However, the most likely one is to obtain credits, which function like a currency in data leak forums. 1011 makes bold claims that are impossible to ignore and entices users to spend credits for databases full of useless information.
Once the attacker obtains credit, they can use the forum currency to purchase other data leaks and engage in scams.
“No honor among thieves” is hardly a new concept. In September of 2025, attackers boasted of having stolen source code from the Santa Fe County government website. However, the Cybernews research team found out that they were peddling outdated information.
Updated on January 8th [09:30 a.m. GMT] with a statement from ASML.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked