Santander hack: Hackers offer confidential data for sale
ShinyHunters claims to have credit card numbers for 28 million individuals
Santander bank is facing a new crisis just two weeks after admitting a data breach.
Notorious hacking group ShinyHunters has claimed to possess the stolen personal details of millions of the bank's customers and staff.
The group is advertising the data for sale for $2 million on a hacking forum, reportedly including:
- Bank account details of 30 million customers
- Credit card numbers for 28 million individuals
- Account numbers and balances for 6 million accounts
- Employee HR information for current and some former Santander staff
Santander has not yet confirmed the accuracy of ShinyHunters' claims.
Earlier this month, the bank acknowledged unauthorised access to a database containing information about customers in Chile, Spain and Uruguay.
"Following an investigation, we have now confirmed that certain information relating to customers of Santander Chile, Spain and Uruguay, as well as all current and some former Santander employees of the group had been accessed," it said, adding that customer data in all other Santander markets and businesses are not affected.
The bank downplayed the severity of the breach, stating that no online banking credentials were compromised.
"No transactional data, nor any credentials that would allow transactions to take place on accounts are contained in the database, including online banking details and passwords. The bank's operations and systems are not affected, so customers can continue to transact securely."
Santander said it has notified regulators and law enforcement agencies, and will continue to work closely with them.
ShinyHunters have a history of selling stolen data, including information taken from the US telecom firm AT&T.
More recently, they claimed responsibility for hacking 560 million customer accounts at Ticketmaster. The group said it had obtained full names, addresses, phone numbers, email addresses, ticket purchase details and partial payment data, including the last four digits of credit card numbers and card expiration dates.
Cybersecurity firm Hudson Rock said the Santander breach and the Ticketmaster one might be linked to a major attack targeting cloud storage company Snowflake.
A single compromised Snowflake employee account reportedly enabled hackers to bypass security measures and access data belonging to a number of Snowflake customers.
Snowflake's cloud data platform serves 9,437 customers, including major companies such as Adobe, AT&T, Capital One, HP, Mastercard, Okta, PepsiCo and Western Union.
The threat actor claimed they intended to blackmail Snowflake into repurchasing the stolen data for $20 million, but the company did not respond to their extortion attempts.
Snowflake denied any vulnerability in its system, insisting that the breaches resulted from poorly secured customer accounts.
Mandiant Consulting CTO Charles Carmakal told Bleeping Computer that Mandiant has been assisting affected Snowflake customers over the past few weeks. Based on their investigation so far, Mandiant believes attackers leveraged stolen credentials, likely obtained through information-stealing malware, to compromise victims' Snowflake deployments.
Last week, Snowflake warned customers that it was investigating a spike in attacks targeting some customer accounts. Additionally, the company's CISO Brad Jones confirmed some accounts were compromised on 23rd May.