Shiny Hunters Attack Santander Bank

The criminal hacking group ShinyHunters claim they have stolen information including bank and credit card numbers, as well as staff HR details. The stolen information is from 30 million customers, employees, and includes bank account data.The hackers belong to the same gang which apparently recently hacked Ticketmaster.   

The hackers are now trying to sell what they claim is confidential information belonging to millions of Santander’s employees and customers.

Santander, which employs 200k staff globally worldwide, has confirmed that the data has been stolen and some is now on the Dark Web for sale. The bank has apologised for what it says is "the concern this will understandably cause" adding it is "proactively contacting affected customers and employees directly."

"Following an investigation, we have now confirmed that certain information relating to customers of Santander Chile, Spain and Uruguay, as well as all current and some former Santander employees of the group had been accessed," it said in a recent statement. "No transactional data, nor any credentials that would allow transactions to take place on accounts are contained in the database, including online banking details and passwords."
It said its banking systems were unaffected so customers could continue to "transact securely."

In a post on a hacking forum reported by researchers at Dark Web Informer, the group who call themselves ShinyHunters posted an advert saying they had data including:  

•    30 million people’s bank account details
•    6 million account numbers and balances
•    28 million credit card numbers
•    HR information for staff

The data, which includes hashed credit card numbers, the last four digits of credit cards, expiration dates, fraud details, customer names, addresses, emails, ticket and event information details, is now being sold on dark web with a new wave of credit card fraud to be expected.

ShinyHunters have previously been linked with data stolen from AT&T and the same criminal group is presently offering for sale the private data of what is claims are over 500 million Ticketmaster customers. 

According to reports, researchers at threat intelligence company Hudson Rock first posted that the Santander breach and the apparent Ticketmaster exploit are linked to a hack at the US cloud storage company Snowflake. These reports have been firmly challenged by Snowflake and the post has been withdrawn.  

Xavier Sheikrojan, Senior Risk Intelligence Manager at fraud protection platform Signifyd commented "... in the next few days, we are likely to see more companies hit by the cyber attack... The repercussions could last for months or even years, especially with the rise of sleeper accounts - accounts created using stolen details that initially make small, credible orders to avoid detection, only to escalate to larger abuses later...
 
"Businesses should stay vigilant and implement robust protective measures, such as monitoring for anomalies in behaviour from their existing users and customers. Sometimes hackers only need one set of matching employee's stolen credentials to get into the company's database, so a forced reset of passwords, using strong and unique passwords, and implementing two factor authentication can be great strategies. This not only protects the business but also safeguards loyal customers."

Signifyd are advising organisations at risk to ensure they are educated and aware of the latest data breach trends. Additionally, to proactively find ways to optimise your machine learning detection. "Balancing advanced technology with human oversight will be essential in addressing the fallout from this breach." Sheikrojan says. 

Santander   |   @DarkWebInformer     |   HudsonRock   |   BBC   |   Guardian   |    Finextra   |    CityAM   |   

Bleeping Computer   |   HelpNetSecurity   |   The Record   |   Snowflake  

Image: Ideogram

You Might Also Read: 

Defending Your Supply Chain From Cyber Threats:

___________________________________________________________________________________________

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 




 

« Email Encryption: What It Is & How It Works
A Single Attack Disabled Half A Million Routers »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Exploit Database (EDB)

Exploit Database (EDB)

The Exploit Database is a CVE compliant archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers.

A10 Networks

A10 Networks

A10 Networks is a leader in application networking, helping organizations of all sizes to accelerate, optimize and secure their applications.

Watchcom Security Group

Watchcom Security Group

Watchcom is one of Norway's foremost suppliers of information security consultancy services.

International Federation of Robotics (IFR)

International Federation of Robotics (IFR)

The International Federation of Robotics connects the world of robotics around the globe. Our members come from the robotics industry, industry associations and research & development institutes.

Silensec

Silensec

Silensec is a management consulting, technology services and training company specialized in information security.

Synectics Solutions

Synectics Solutions

Synectics deliver solutions for reducing risk, combating financial crime, and enabling organisations to meet their compliance and regulatory commitments.

NINJIO

NINJIO

NINJIO is a leader in cybersecurity awareness training. View IT Security Awareness through a different lens - entertain and educate your users through storytelling.

nexSecurity

nexSecurity

neXSecurity is an IT and Information security consulting company with more than 2 decades worth of software development and security experience.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Security Risk Management (SRM)

Security Risk Management (SRM)

SRM provide a comprehensive security risk management service encompassing people, processes, technology, governance, compliance and risk management.

Strike Security

Strike Security

Strike Security offers a continuous penetration testing platform that combines automation with ethical hackers.

SRG Security Resource Group

SRG Security Resource Group

SRG Security Resource Group is a Canadian company dedicated to providing world-class Physical and Cyber Security services.

Execweb

Execweb

Execweb are a cybersecurity executive network, comprised of 400+ security practitioners who work at Fortune 500 and SME companies.

Fibernet

Fibernet

Fibernet's innovative solutions in the fields of cybersecurity and fiber optics range from telecommunications infrastructure to small business cybersecurity.

Cisilion

Cisilion

Cisilion's mission is simple – to transform and connect business with next-generation IT infrastructure. Our expertise includes enterprise networking, security, data centre & cloud, managed services.

Elba

Elba

Employee security needs to be reinvented. SaaS security needs to involve end-user and awareness needs to be actionable. Meet elba, the 5-in-one cybersecurity hub with no compromises.