Customer info allegedly stolen from Royal Mail, Samsung via compromised supplier
(2025/04/03)
- Reference: 1743661634
- News link: https://www.theregister.co.uk/2025/04/03/royal_mail_data_spectos/
- Source link:
Britain's Royal Mail is investigating after a crew calling itself GHNA claimed it has put 144GB of the delivery giant’s data up for sale, perhaps after acquiring it with the same stolen credentials it used to crack Samsung Germany.
"We are aware of an incident which is alleged to have affected Spectos, a supplier of Royal Mail," the UK operation told The Register . Spectos GmbH is a German supplier of logistics management tools and services.
"We are working with the company to investigate the issue and establish what impact there may be regarding their data. We can confirm there has been no impact on Royal Mail operations and services continue to function as normal," the postal org told us.
[1]
GHNA on Monday used the notorious BreachForums site to claim it had pilfered 293 folders and 16,549 files from Royal Mail Group. The data is said to include names, phone numbers, and physical addresses of senders and recipients, plus details about packages. The stolen haul also apparently includes a Mailchimp mailing list, an SQL database that appears to store the WordPress implementation tied to the website mailagents.uk, and recordings of Zoom chats between Royal Mail and Spectos.
[2]
[3]
Infosec outfit Hudson Rock CTO and its co-founder Alon Gal [4]think the allegedly stolen data came from a Raccoon infostealer infection – Windows malware that exfiltrates info from compromised systems – that hit Spectos in 2021 and yielded at least one set of employee account credentials.
GHNA’s post about its alleged Royal Mail haul states it is “courtesy of Spectos, again.”
[5]
Hudson Rock’s Gal thinks it’s likely the same login credentials were used to break into [6]Samsung Germany . That is to say, whichever miscreant logged into Spectos using the compromised credentials to extract Royal Mail data, also took Samsung files, too, or so it's claimed.
We are aware of an incident which is alleged to have affected Spectos, a supplier of Royal Mail
The Samsung incident saw GHNA again claim it had stolen information, in this case 270,000 customer service tickets. The data allegedly spans multiple years but includes a large number of entries dated 2025.
The swiped records apparently include people's full names, physical and email addresses, the model numbers of their hardware, payment details, and communications between Samsung and its German punters.
[7]There are 10,000 reasons to doubt Oracle Cloud's security breach denial
[8]Data on 760K workers from Xerox, Nokia, BofA, Morgan Stanley and more dumped online
[9]Feds: Army soldier suspected of AT&T heist Googled 'can hacking be treason,' 'defecting to Russia'
[10]Amazon confirms employee data exposed in leak linked to MOVEit vulnerability
Hudson Rock warned that analysis of the stolen datasets could allow cybercrims to find and defraud or rob future victims.
Samsung’s data, for example, apparently includes purchase records that mention home addresses – a combo that could allow criminals to pinpoint owners of pricey electronics. The same is true for Royal Mail customers, thanks to the leak apparently containing order histories that could allow crooks to analyze where big spenders reside. The allegedly stolen data could therefore fuel a real-world break-in.
Spectos and Samsung had no comment at the time of writing. ®
Get our [11]Tech Resources
[1] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Z-5cQ1889TeecXgYWLMRzwAAA1Q&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z-5cQ1889TeecXgYWLMRzwAAA1Q&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z-5cQ1889TeecXgYWLMRzwAAA1Q&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[4] https://www.infostealers.com/article/royal-mail-group-loses-144gb-to-infostealers-same-samsung-hacker-same-2021-infostealer-log/
[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z-5cQ1889TeecXgYWLMRzwAAA1Q&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[6] https://www.infostealers.com/article/samsung-tickets-data-leak-infostealers-strike-again-in-massive-free-dump/
[7] https://www.theregister.com/2025/03/25/oracle_breach_update/
[8] https://www.theregister.com/2024/12/03/760k_xerox_nokia_bofa_morgan/
[9] https://www.theregister.com/2025/02/27/army_soldier_accused_of_att/
[10] https://www.theregister.com/2024/11/12/amazon_moveit_breach/
[11] https://whitepapers.theregister.com/
"We are aware of an incident which is alleged to have affected Spectos, a supplier of Royal Mail," the UK operation told The Register . Spectos GmbH is a German supplier of logistics management tools and services.
"We are working with the company to investigate the issue and establish what impact there may be regarding their data. We can confirm there has been no impact on Royal Mail operations and services continue to function as normal," the postal org told us.
[1]
GHNA on Monday used the notorious BreachForums site to claim it had pilfered 293 folders and 16,549 files from Royal Mail Group. The data is said to include names, phone numbers, and physical addresses of senders and recipients, plus details about packages. The stolen haul also apparently includes a Mailchimp mailing list, an SQL database that appears to store the WordPress implementation tied to the website mailagents.uk, and recordings of Zoom chats between Royal Mail and Spectos.
[2]
[3]
Infosec outfit Hudson Rock CTO and its co-founder Alon Gal [4]think the allegedly stolen data came from a Raccoon infostealer infection – Windows malware that exfiltrates info from compromised systems – that hit Spectos in 2021 and yielded at least one set of employee account credentials.
GHNA’s post about its alleged Royal Mail haul states it is “courtesy of Spectos, again.”
[5]
Hudson Rock’s Gal thinks it’s likely the same login credentials were used to break into [6]Samsung Germany . That is to say, whichever miscreant logged into Spectos using the compromised credentials to extract Royal Mail data, also took Samsung files, too, or so it's claimed.
We are aware of an incident which is alleged to have affected Spectos, a supplier of Royal Mail
The Samsung incident saw GHNA again claim it had stolen information, in this case 270,000 customer service tickets. The data allegedly spans multiple years but includes a large number of entries dated 2025.
The swiped records apparently include people's full names, physical and email addresses, the model numbers of their hardware, payment details, and communications between Samsung and its German punters.
[7]There are 10,000 reasons to doubt Oracle Cloud's security breach denial
[8]Data on 760K workers from Xerox, Nokia, BofA, Morgan Stanley and more dumped online
[9]Feds: Army soldier suspected of AT&T heist Googled 'can hacking be treason,' 'defecting to Russia'
[10]Amazon confirms employee data exposed in leak linked to MOVEit vulnerability
Hudson Rock warned that analysis of the stolen datasets could allow cybercrims to find and defraud or rob future victims.
Samsung’s data, for example, apparently includes purchase records that mention home addresses – a combo that could allow criminals to pinpoint owners of pricey electronics. The same is true for Royal Mail customers, thanks to the leak apparently containing order histories that could allow crooks to analyze where big spenders reside. The allegedly stolen data could therefore fuel a real-world break-in.
Spectos and Samsung had no comment at the time of writing. ®
Get our [11]Tech Resources
[1] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Z-5cQ1889TeecXgYWLMRzwAAA1Q&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z-5cQ1889TeecXgYWLMRzwAAA1Q&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z-5cQ1889TeecXgYWLMRzwAAA1Q&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[4] https://www.infostealers.com/article/royal-mail-group-loses-144gb-to-infostealers-same-samsung-hacker-same-2021-infostealer-log/
[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z-5cQ1889TeecXgYWLMRzwAAA1Q&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[6] https://www.infostealers.com/article/samsung-tickets-data-leak-infostealers-strike-again-in-massive-free-dump/
[7] https://www.theregister.com/2025/03/25/oracle_breach_update/
[8] https://www.theregister.com/2024/12/03/760k_xerox_nokia_bofa_morgan/
[9] https://www.theregister.com/2025/02/27/army_soldier_accused_of_att/
[10] https://www.theregister.com/2024/11/12/amazon_moveit_breach/
[11] https://whitepapers.theregister.com/
Big spenders
Anonymous Coward
3 females and a 20 something year old at home who buy a lot from shien and temu would seen to be big spenders. But a lot is returned and the rest is cheap toot
Add the granddaughters food is delivered weekly too
Did luck to them finding anything worth taking
So did the hackers use Postbox for their requests?