Data leak with an announcement: How Samsung & Co. overslept on security

It sounds like a thriller from the digital underworld - but it's a sad reality: over 270,000 German Samsung customers have fallen victim to a massive data leak. Names, addresses, telephone numbers, order details - all exposed online. And the worst thing is that the access was not forced through a sophisticated cyber attack, but through old access data from 2021.

Welcome to the reality of 2025, where high-tech companies with billions in sales are apparently unable to change their admin passwords regularly.

The Raccoon comes through the back door

The story begins in 2021, when the malware "Raccoon Infostealer" ravaged a computer belonging to Spectos GmbH - the company that operates the customer portal for Samsung Germany. Among other things, the malware stole access data. This login data ended up in a database of the security company Hudson Rock - known, publicly accessible and long since marked as compromised.

But what happened at Spectos or Samsung? Nothing. No password change. No alarm. No blocking.

Three years later, the hacker "GHNA" used precisely this old data to officially log into the system with admin rights and steal the data. This is not a hacker attack - this is digital negligence.

Personal data sold for two euros

The scale of the leak is dramatic: the stolen data contains everything needed for identity theft and fraud - full names, addresses, phone numbers, emails, payment information, internal communications with support agents and even uploaded documents such as proof of delivery.

And as if that wasn't enough, the data was published on a well-known hacker forum for a symbolic two euros. A real gift for cyber criminals, who can create phishing emails or fake invoices at lightning speed thanks to AI-supported tools.

Samsung is silent - but the damage to its image is roaring

Despite the clear facts, Samsung has not yet issued an official statement. No apology. No plan for damage limitation. Customers remain in the dark - many don't even know if they are affected. Yet the authenticity of the data has already been confirmed by internal metadata, email addresses of support staff and ticket numbers.

Samsung is now facing a breach of the General Data Protection Regulation (GDPR) - and that can be expensive: In addition to massive fines, customer trust is also at stake. And trust is the most valuable asset in the digital world.

LEGAL DATA says:

This data leak is not just an unfortunate incident - it is an organizational failure. If compromised credentials are in circulation for three years and no one at Samsung or Spectos reacts, that is simply irresponsible. Data protection doesn't just mean "cookie banners", it means real, daily security work.

And the silence from Samsung? Embarrassing. If you have millions of customers, you also have a responsibility - not only in the supply of technology, but also in its protection.

Our conclusion: If companies like Samsung treat IT security so neglectfully, they should be made to pay. Heavy fines, clear requirements - and finally a password change, please. It's 2025, not 1999.