A threat actor is allegedly selling sensitive data belonging to Anuvu, a prominent US-based provider of high-speed satellite connectivity and entertainment for the aviation and maritime industries. Anuvu, formerly known as Global Eagle, is a critical vendor for numerous airlines, cruise lines, and shipping companies worldwide, delivering in-flight and at-sea internet and media services. The alleged breach was advertised on a dark web forum, where the seller claims to possess credentials and customer databases.
The threat actor claims to be in possession of over 70 credentials for Anuvu’s internal services, including access to AWS and Postgres databases. Screenshots shared as proof of the breach suggest that the compromised data is extensive. The leak allegedly includes databases containing client and customer information, internal logs, and employee details. Among the exposed data are tables listing high-profile maritime clients such as Carnival UK, Petrobras, Golden Alaska Seafoods, and even a project related to the United States Coast Guard (USCG).
The allegedly leaked data includes:
- Credentials for internal services like AWS and Postgres
- Databases of clients and customers
- User tables with employee names, email addresses, and hashed passwords
- Maritime and Starlink customer contract details
- Internal system logs
