A cybersecurity breach has exposed the private files of approximately 50 significant corporations worldwide, including notable names such as Pickett, Sekisui House, IFLUSAC, Iberia Airlines, K3G Solutions, CRRC MA, GreenBills, and CiberC. This alarming information comes from a recent investigation conducted by the Israeli cybersecurity firm Hudson Rock for its affiliated site, Infostealers.com.
Researchers have traced the breach to an individual believed to be an Iranian national, operating under the aliases Zestix and Sentap. This hacker is currently offering large volumes of the compromised corporate data for sale on dark web forums.
While one might assume that these large organizations would possess robust security systems, the hacker managed to gain access quite easily. Researchers discovered that the attacker leveraged stolen passwords to log into accounts that lacked multi-factor authentication (MFA), a crucial security measure that many companies failed to implement.
How “Infostealers” Enabled the Attack
Instead of directly breaching the companies’ systems, the hacker relied on infostealer malware, specifically variants like RedLine, Lumma, and Vidar. These malicious programs typically infect a victim’s computer after the user unknowingly downloads a fraudulent file or cracked software, then quietly extract the passwords saved in the victim’s web browsers.
Once in possession of these passwords, Zestix exploited them to access corporate file-sharing platforms such as ShareFile, Nextcloud, and OwnCloud. The successful logins were primarily due to the absence of MFA across the affected organizations, which would have provided an additional layer of security against such breaches.
MFA typically requires users to input a code sent to their mobile device following the entry of their password. The lack of this second verification step allowed the hacker to gain unhindered access using only the stolen credentials.
Impacted Organizations
The stolen data encompasses a wide range of sensitive material, including personal medical records and military blueprints. Iberia Airlines was significantly affected, with 77 GB of data stolen, including safety manuals related to its aircraft. Similarly, U.S.-based Pickett & Associates experienced a loss of 139 GB, which included detailed infrastructure maps of power lines and utility stations.
Iberia Airlines also faced a separate incident in November 2025, when Everest ransomware compromised and leaked 596 GB of internal and customer data.
The global ramifications of this attack are striking, as reported by Hudson Rock. For instance, in Turkey, Intecro Robotics experienced the theft of military drone and fighter jet designs. Meanwhile, Brazilian company Maida Health suffered the loss of 2.3 terabytes of medical records belonging to military police. Public transportation was also affected, with sensitive details on train braking and signaling systems exposed via CRRC MA.
Insights on Security Practices
Many of the compromised passwords were outdated, highlighting a critical failure in security management. Had these organizations enforced regular password changes or instituted MFA, the scale of this breach might have been significantly mitigated.
Moreover, Hudson Rock has issued a warning that credentials for employees at other major corporations like Samsung, Walmart, and Deloitte are also accessible through these hacked logs, raising concerns about further risks. This incident serves as a stern reminder that relying solely on passwords is no longer sufficient for securing sensitive information in today’s digital landscape.
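The two failures described above (old passwords left unchanged and no MFA) can be checked for directly. The following is an added example, not code from Hudson Rock or from this article: it cross-references a file-sharing account inventory against the dates credentials were seen in infostealer logs and ranks accounts for remediation. The account export, the exposure feed, the field names and the severity labels are all assumptions, and the sample data is constructed.

```python
from datetime import date

# Constructed sample: account inventory exported from a file-sharing portal.
ACCOUNTS = [
    {"user": "a.lopez@example.com", "mfa": False, "pw_changed": date(2022, 3, 1)},
    {"user": "b.chen@example.com", "mfa": True, "pw_changed": date(2021, 6, 15)},
    {"user": "c.meyer@example.com", "mfa": False, "pw_changed": date(2025, 9, 20)},
    {"user": "d.silva@example.com", "mfa": False, "pw_changed": date(2023, 1, 10)},
    {"user": "e.khan@example.com", "mfa": True, "pw_changed": date(2025, 11, 1)},
]
# Constructed sample: date each credential was first seen in an infostealer log
# (hypothetical feed format; a real feed would be supplied by a vendor).
EXPOSURES = {
    "a.lopez@example.com": date(2023, 5, 2),
    "b.chen@example.com": date(2024, 1, 9),
    "c.meyer@example.com": date(2025, 2, 11),
}
RANK = {"critical": 0, "high": 1, "medium": 2}

def triage(accounts, exposures, today):
    """Return (severity, user, password_age_days) tuples, worst first."""
    findings = []
    for acct in accounts:
        seen = exposures.get(acct["user"])
        # A password not changed since the exposure date is presumed to be
        # the one the stealer captured, so it is still usable by an attacker.
        leaked_pw_live = seen is not None and acct["pw_changed"] <= seen
        if leaked_pw_live and not acct["mfa"]:
            severity = "critical"   # stolen password alone grants access
        elif leaked_pw_live:
            severity = "high"       # MFA is the only remaining barrier
        elif not acct["mfa"]:
            severity = "medium"     # one stolen password away from access
        else:
            continue                # MFA on and no live leaked password
        age_days = (today - acct["pw_changed"]).days
        findings.append((severity, acct["user"], age_days))
    return sorted(findings, key=lambda f: (RANK[f[0]], f[1]))

if __name__ == "__main__":
    for severity, user, age in triage(ACCOUNTS, EXPOSURES, date.today()):
        print(f"{severity:8} {user:24} password age {age} days")
```

Critical and high findings call for a password reset and session revocation as well as MFA enforcement, since the leaked password remains valid until it is changed.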