ShinyHunters Strikes: Santander Breach Exposes 30M Customers’ Data for Sale

A Massive Data Breach: Santander Bank Customers and Employees at Risk

Picture this: you’re going about your day, and suddenly you receive a notification that your bank account information is being sold online. This nightmare scenario is now a reality for millions of Santander Bank customers, as a hacker group known as ShinyHunters claims to be selling a massive trove of the bank’s data. This data includes information on 30 million customers, employees, and bank account data, coming to light just two weeks after the bank reported a data breach.

Who Are ShinyHunters?

ShinyHunters has been responsible for selling and leaking data from numerous companies over the years. Just this week, they were allegedly behind a massive Ticketmaster data breach impacting 560 million people. They also operate BreachForums, a notorious online community that traffics in the sale and leaking of stolen data, which has survived several law enforcement takedowns over the past couple of years.

What Happened with Santander Bank?

Two weeks ago, Santander, Spain’s largest bank, disclosed a data breach after detecting unauthorized access to a database hosted by a third-party provider. Their investigation determined that the threat actor accessed data for employees and customers in Chile, Spain, and Uruguay. Santander assured that customer data in all other markets and businesses was not affected. Fast forward two weeks, and ShinyHunters is now claiming to sell this data, including information for customers in Chile, Spain, and Uruguay, for $2 million.

What Information Is Being Sold?

ShinyHunters claims that the stolen data contains personal information for 30 million customers and employees, 28 million credit card numbers, and 6 million account numbers and balances. While they shared samples of the data containing the listed information, it cannot be confirmed to belong to Santander. It’s worth noting that Santander’s Q1 2024 financial report states that there are only 19.5 million customers in those countries, rather than the 30 million claimed by the hackers.

Why Are These Sales Unusual?

The sales of Santander and Ticketmaster data were first listed on the Russian-speaking Exploit hacking forum days before being listed on the newly-restored BreachForums. These sales were listed under the accounts of new members, with no reference to BreachForums or ShinyHunters, leading some to believe the sale on BreachForums is fake. However, ShinyHunters has commonly acted as a data breach broker for other threat actors in the past, and it’s not uncommon for these threat actors to create new aliases on various forums to sell stolen data.

What’s the Track Record of ShinyHunters?

While TicketMaster has not confirmed whether a data breach occurred, ShinyHunters has a reputation for selling valid data breaches in the past. In 2021, they claimed to be selling the stolen data of 73 million AT&T customers, which the company repeatedly denied. However, in 2024, AT&T finally confirmed the data was legitimate after it was leaked on a hacking forum. ShinyHunters has also breached or leaked data for numerous companies, including Wattpad, Tokopedia, Microsoft’s GitHub account, BigBasket, Nitro PDF, Pixlr, TeeSpring, Promo.com, Mathway, and many more.

Take Action to Protect Your Data

As a consumer, these breaches can be terrifying and leave you feeling helpless. But you don’t have to be a victim. Stay informed and take control of your cybersecurity. Contact us to learn more about how to protect yourself and your data from cyber threats. And don’t forget to keep coming back for the latest updates and information on cybersecurity.