Shiny Hunters Attack Santander Bank

Uploaded on 2024-06-03 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

The criminal hacking group ShinyHunters claim they have stolen information including bank and credit card numbers, as well as staff HR details. The stolen information is from 30 million customers, employees, and includes bank account data.The hackers belong to the same gang which apparently recently hacked Ticketmaster.   

The hackers are now trying to sell what they claim is confidential information belonging to millions of Santander’s employees and customers.

Santander, which employs 200k staff globally worldwide, has confirmed that the data has been stolen and some is now on the Dark Web for sale. The bank has apologised for what it says is "the concern this will understandably cause" adding it is "proactively contacting affected customers and employees directly."

"Following an investigation, we have now confirmed that certain information relating to customers of Santander Chile, Spain and Uruguay, as well as all current and some former Santander employees of the group had been accessed," it said in a recent statement. "No transactional data, nor any credentials that would allow transactions to take place on accounts are contained in the database, including online banking details and passwords."
It said its banking systems were unaffected so customers could continue to "transact securely."

In a post on a hacking forum reported by researchers at Dark Web Informer, the group who call themselves ShinyHunters posted an advert saying they had data including:  

•    30 million people’s bank account details
•    6 million account numbers and balances
•    28 million credit card numbers
•    HR information for staff

The data, which includes hashed credit card numbers, the last four digits of credit cards, expiration dates, fraud details, customer names, addresses, emails, ticket and event information details, is now being sold on dark web with a new wave of credit card fraud to be expected.

ShinyHunters have previously been linked with data stolen from AT&T and the same criminal group is presently offering for sale the private data of what is claims are over 500 million Ticketmaster customers. 

According to reports, researchers at threat intelligence company Hudson Rock first posted that the Santander breach and the apparent Ticketmaster exploit are linked to a hack at the US cloud storage company Snowflake. These reports have been firmly challenged by Snowflake and the post has been withdrawn.  

Xavier Sheikrojan, Senior Risk Intelligence Manager at fraud protection platform Signifyd commented "... in the next few days, we are likely to see more companies hit by the cyber attack... The repercussions could last for months or even years, especially with the rise of sleeper accounts - accounts created using stolen details that initially make small, credible orders to avoid detection, only to escalate to larger abuses later...
 
"Businesses should stay vigilant and implement robust protective measures, such as monitoring for anomalies in behaviour from their existing users and customers. Sometimes hackers only need one set of matching employee's stolen credentials to get into the company's database, so a forced reset of passwords, using strong and unique passwords, and implementing two factor authentication can be great strategies. This not only protects the business but also safeguards loyal customers."

Signifyd are advising organisations at risk to ensure they are educated and aware of the latest data breach trends. Additionally, to proactively find ways to optimise your machine learning detection. "Balancing advanced technology with human oversight will be essential in addressing the fallout from this breach." Sheikrojan says. 

Santander   |   @DarkWebInformer     |   HudsonRock   |   BBC   |   Guardian   |    Finextra   |    CityAM   |   

Bleeping Computer   |   HelpNetSecurity   |   The Record   |   Snowflake  

Image: Ideogram

You Might Also Read: 

Defending Your Supply Chain From Cyber Threats:

___________________________________________________________________________________________

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 




 

« Email Encryption: What It Is & How It Works
A Single Attack Disabled Half A Million Routers »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CertiKit

CertiKit

CertiKit produce toolkit products that accelerate the adoption of ISO/IEC standards, including ISO 27001, helping organizations all over the world to realize the benefits as soon as possible.

Rubicon Workflow Solutions

Rubicon Workflow Solutions

Rubicon is a leading provider of managed IT support and strategic services, specialising in creative and mixed platform environments.

ISACA Conferences

ISACA Conferences

ISACA is dedicated to offering the most dynamic and inclusive conferences to keep you abreast of the latest advances in IT and Information Security.

Verimatrix

Verimatrix

Verimatrix is a global provider of innovative cybersecurity solutions that protect content, devices, software and applications.

Positive Technologies

Positive Technologies

Positive Technologies is a leading global provider of enterprise security solutions for vulnerability and compliance management, incident and threat analysis, and application protection.

XM Cyber

XM Cyber

XM Cyber is a leading hybrid cloud security company that’s changing the way innovative organizations approach cyber risk.

Nuspire

Nuspire

Nuspire provide services to protect your network with best-in-class managed detection and response, allowing you to stay focused on managing your business.

Hack The Box

Hack The Box

Hack The Box is an online platform allowing you to test your penetration testing skills and exchange ideas and methodologies with thousands of people in the security field.

La Fosse Associates

La Fosse Associates

The InfoSec Recruitment team at La Fosse Associates specialises in placing Information Security & Risk professionals on a permanent and contract basis.

Trusted Objects

Trusted Objects

Trusted Object's mission is to provide state of the art security solutions and services enabling a strong root of trust for the IoT ecosystem.

Orchestra Group

Orchestra Group

Orchestra Group offer a unique integrated cybersecurity defense platform with proactive security policy management and enforcement orchestration.

Adyta

Adyta

Adyta specializes in cybersecurity solutions adapted to the needs of sovereign institutions, business groups and other organizations that handle information and sensitive or classified data.

Beyond Identity

Beyond Identity

Beyond Identity employs an elegantly simple concept, the personal certificate authority and self signed certificates, to replace passwords.

Paubox

Paubox

Paubox offers secure, HIPAA compliant email and marketing solutions to fit the needs of modern healthcare organizations of every size.

turingpoint

turingpoint

turingpoint GmbH is a tech enabled boutique consultancy. It was founded by security experts with a focus on cyber security and software solutions.

Strobes Security

Strobes Security

Strobes is among the world’s first cybersecurity platforms specifically designed for end-to-end continuous threat exposure management.