A threat actor has made claims of breaching SpiderOak, a company known for its secure cloud-based services emphasizing privacy and data security. Founded in 2007, SpiderOak has built a reputation for robust protection of user information. However, the hacker alleges that SpiderOak has ignored their requests and, as a result, has decided to publicly offer the stolen data for sale.
The hacker’s statement details the extent of the breach, claiming to possess:
- Source code for spideroak.com
- Source code for Semaphore (a discontinued application)
- User data for both applications
- A comprehensive list of files
- A total data volume of several petabytes, dating from 2007 to 2024
- Internal files and everything related to around 300,000 accounts
They further reveal that SpiderOak is paying $274,000 for Red Hat services but has seemingly neglected to address the hacker’s demands. The data is being offered for sale at 0.33 BTC per buyer, limited to three buyers, or 1 BTC for exclusive access to all data. The hacker provides a sample as proof and threatens to reveal data for over 20 million more cloud users soon.