A threat actor is offering to sell a significant amount of data allegedly stolen from Samsung Electronics Co., Ltd. (Samsung), a multinational electronics and technology conglomerate based in South Korea.
The actor claims the breach was achieved by compromising a third-party contractor that provided services to Samsung. According to the post, this access also affected other companies serviced by the same contractor. The seller alleges they maintain access to parts of Samsung’s infrastructure, specifically mentioning MSSQL databases and AWS S3 buckets.
According to the actor, the compromised data includes a wide range of sensitive corporate and user information. The seller is offering the data in a “One Time Sale” for payment in Monero (XMR).
The allegedly compromised data includes:
- Source Codes
- Private Keys
- SMTP Credentials
- Configuration Files
- Hardcoded Credentials
- User PII (from a healthcare backup)
As proof, the threat actor provided an extensive file tree listing numerous internal projects. The directories shown appear to be related to Samsung’s healthcare and Medison divisions, the Device Solutions (DS) recruitment platform, and internal CRM tools, which supports the claims of obtaining source code and healthcare-related PII.












