AUTOSUR Data Breach, FiveM Database Leak, Disney+ Account Checker, Exposed Crypto Leads, and Forex Scams

Cybercriminals Target Major Industries with Alarming Breaches This Week

Cybercriminals have intensified their activities globally, with SOCRadar’s Dark Web Team revealing a series of significant breaches this week. One noteworthy incident involves the alleged leak of millions of customer records from the French vehicle inspection company, AUTOSUR. A hacker claims to have made approximately 10.7 million customer records available for sale, exposing sensitive data including names, email addresses, phone numbers, hashed passwords, home addresses, vehicle details, and license plate numbers. This breach reportedly occurred on March 16, 2025, and the attacker is demanding $7,500 in Monero (XMR) for access to the complete database of 12 million records. The potential ramifications of this incident are extensive, as exposed data can lead to identity theft, targeted phishing attacks, and financial fraud. Should the allegations be verified, AUTOSUR could face severe regulatory scrutiny under GDPR provisions and significant reputational damage.

In another troubling development, unauthorized access to the shipping portals of Lenovo and HP has emerged. The Dark Web Team identified a post where a hacker offers access to these portals, specifically targeting shipment tracking activities in India. With claims of providing real-time tracking of Return Merchandise Authorizations (RMAs) and logistics details, this breach poses risks to supply chain security. Sensitive information such as shipment contents, customer identities, and delivery locations could be exploited for theft, fraudulent redirection of shipments, or social engineering attacks. The regional focus on India raises additional concerns about logistics vulnerabilities that could tarnish the reputations of both companies in the local market.

Moreover, a hacker forum post has surfaced, offering personal and financial data of approximately 3 million U.S. citizens. This breach includes Social Security numbers, bank account details, routing numbers, driver’s licenses, and employment information. The authenticity of the data has been reinforced by the provision of samples, indicating a high likelihood of legitimacy. The urgency for vigilance is underscored by the extensive and recent nature of the data, significantly heightening the risks of identity theft, financial fraud, and targeted phishing attacks against financial institutions and the affected individuals.

The Dark Web Team has also uncovered a leak involving the National Telecommunications Commission of the Philippines. Allegedly, a hacker has accessed critical infrastructure data, including nationwide network vulnerabilities and operational details regarding broadcasting licenses, telecom permits, and frequency allocations. This breach is purportedly politically motivated, with the attacker critiquing the cybersecurity practices of the Philippine government. If verified, the implications of this leak could severely affect national security and privacy for millions of citizens.

In the realm of entertainment, a tool named the "Atlantis Checker" aimed at Disney+ has been posted by a threat actor. This tool is designed to facilitate credential stuffing attacks, allowing the rapid verification of stolen account credentials. The emergence of such tools actively targeting streaming services raises the risk of account takeovers, unauthorized access to streaming content, and potential financial fraud for users.

Additionally, a vast crypto and forex leads database has come to light for sale, encompassing information from various countries such as Canada, Australia, Germany, the UK, and Italy. The dataset, containing details of depositors and individuals targeted for recovery scams, increases the likelihood of targeted phishing attacks and recovery scams exploiting prior victims of financial loss in these markets. A particular emphasis on data related to Coinbase USA indicates a strategic approach to identifying high-value targets.

Finally, a breach involving over 200,000 records related to FiveM, a popular gaming platform, has also been claimed by a hacker. The leaked dataset includes a diverse range of identifiers, including Discord and Steam IDs, which could facilitate targeted phishing and identity theft. The potential for further exploitation through connections across multiple gaming platforms enhances the risks faced by users.

These incidents highlight alarming trends in cybercriminal activity, characterized by the targeting of sensitive data from diverse industries. The MITRE ATT&CK framework identifies key adversary tactics potentially at play, including initial access through social engineering, persistence through stolen credentials, and privilege escalation by exploiting software vulnerabilities. As these vulnerabilities become more evident, they underscore the need for robust cybersecurity measures and vigilance within organizations to safeguard against these evolving threats.
