Shiny Hunters Attack Santander Bank

The criminal hacking group ShinyHunters claim they have stolen information including bank and credit card numbers, as well as staff HR details. The stolen information is from 30 million customers and employees, and includes bank account data. The hackers belong to the same gang which apparently recently hacked Ticketmaster.

The hackers are now trying to sell what they claim is confidential information belonging to millions of Santander’s employees and customers.

Santander, which employs 200k staff worldwide, has confirmed that the data has been stolen and some is now on the Dark Web for sale. The bank has apologised for what it says is "the concern this will understandably cause" adding it is "proactively contacting affected customers and employees directly."

"Following an investigation, we have now confirmed that certain information relating to customers of Santander Chile, Spain and Uruguay, as well as all current and some former Santander employees of the group had been accessed," it said in a recent statement. "No transactional data, nor any credentials that would allow transactions to take place on accounts are contained in the database, including online banking details and passwords."
It said its banking systems were unaffected so customers could continue to "transact securely."

In a post on a hacking forum reported by researchers at Dark Web Informer, the group who call themselves ShinyHunters posted an advert saying they had data including:  

•    30 million people’s bank account details
•    6 million account numbers and balances
•    28 million credit card numbers
•    HR information for staff

The data, which includes hashed credit card numbers, the last four digits of credit cards, expiration dates, fraud details, customer names, addresses, emails, and ticket and event information details, is now being sold on the dark web, and a new wave of credit card fraud is to be expected.

ShinyHunters have previously been linked with data stolen from AT&T and the same criminal group is presently offering for sale the private data of what it claims are over 500 million Ticketmaster customers.

According to reports, researchers at threat intelligence company Hudson Rock first posted that the Santander breach and the apparent Ticketmaster exploit are linked to a hack at the US cloud storage company Snowflake. These reports have been firmly challenged by Snowflake and the post has been withdrawn.  

Xavier Sheikrojan, Senior Risk Intelligence Manager at fraud protection platform Signifyd, commented: "... in the next few days, we are likely to see more companies hit by the cyber attack... The repercussions could last for months or even years, especially with the rise of sleeper accounts - accounts created using stolen details that initially make small, credible orders to avoid detection, only to escalate to larger abuses later...
 
"Businesses should stay vigilant and implement robust protective measures, such as monitoring for anomalies in behaviour from their existing users and customers. Sometimes hackers only need one set of matching employee's stolen credentials to get into the company's database, so a forced reset of passwords, using strong and unique passwords, and implementing two factor authentication can be great strategies. This not only protects the business but also safeguards loyal customers."

Signifyd are advising organisations at risk to ensure they are educated and aware of the latest data breach trends and, additionally, to proactively find ways to optimise their machine learning detection. "Balancing advanced technology with human oversight will be essential in addressing the fallout from this breach," Sheikrojan says.

Santander | @DarkWebInformer | HudsonRock | BBC | Guardian | Finextra | CityAM | Bleeping Computer | HelpNetSecurity | The Record | Snowflake
