Hacker Leaks 270,000 Samsung Customer Records—Stolen Credentials Were Left Unchecked for Years

In a troubling security breach, a hacker exposed the personal data of over 270,000 Samsung customers in Germany, freely dumping it on the internet. The hack, attributed to a cybercriminal operating under the alias “GHNA,” occurred when the attacker accessed a system used by Samsung’s German customer service. 

According to cybersecurity firm Hudson Rock, the hack was made possible by a set of stolen credentials compromised in 2021. This malware, known as “Raccoon Infostealer,” took these credentials after infecting an employee of Spectos GmbH, a company that works with Samsung to monitor service quality.

Although Hudson Rock flagged the credentials years ago, Samsung reportedly failed to rotate or secure them, allowing the hacker to access the system years later, in 2025, and release the data.

“At Hudson Rock, we flagged these compromised credentials years ago in our Cavalier database, which tracks over 30 million infected machines,” said Alon Gal, co-founder of Hudson Rock. “Samsung could’ve acted, but they didn’t, and now the damage is done.”

What’s in the leak?

The dumped data isn’t just a list of customer tickets — it’s a full snapshot of customers’ interactions with Samsung. Here are some of the details found in the leak:

• Full names, email addresses, and home addresses.
• Order numbers and product details (such as TV models).
• Payment methods (though no direct credit card data).
• Tracking links for deliveries.
• Customer complaints and Samsung’s responses.

This wealth of information creates numerous opportunities for cybercriminals. “This isn’t just a list of names—it’s a roadmap to people’s lives,” Gal noted. 

How can malicious actors exploit this?

Cybersecurity experts warn that this data could be weaponized in several dangerous ways, including:

• Hyper-targeted phishing scams: With names, emails, and order details, hackers can send highly convincing fake emails pretending to be Samsung customer support.
• Warranty fraud: Criminals can use leaked order numbers to file fake warranty claims for product replacements.
• Identity theft and account takeover: By impersonating customers using leaked support tickets, hackers can gain unauthorized access to accounts.
• Physical theft (Porch piracy): Attackers could track high-value orders using leaked tracking numbers and intercept deliveries.

A wake-up call for companies

Samsung customers who have contacted Samsung Germany’s support team should be cautious and stay vigilant for suspicious emails, avoiding any unknown links. Additionally, all users should use strong, unique passwords and enable two-factor authentication whenever possible to enhance their online security.

The incident highlights a recurring problem in cybersecurity: the failure to secure and rotate credentials properly. Gal, who first reported the breach, emphasized that this attack is entirely preventable with proper credential hygiene and active monitoring.

“Infostealers don’t need to brute-force their way in; they just wait for human error to hand them the keys,” Gal explained. “When companies fail to monitor or rotate credentials, it’s game over.”

The breach has sparked alarm in the cybersecurity community, with experts warning that using AI tools to sift through and exploit such leaks could turn this chaotic data dump into a goldmine for cybercriminals. AI could automate identifying high-value targets and launching attacks, making it easier for malicious actors to exploit large data dumps like this one at scale.

For Samsung, the breach has raised serious questions about its data security practices. With this information now widely available for free online, the risk of exploitation is high — both for the company and its affected customers.