Hacker Selling Alleged Samsung Medison Data Stolen In 3rd Party Breach

Hacker using the alias 888, claims to be selling Samsung Medison data taken through a third party breach, including internal files, keys and user info.

A hacker using the alias 888 on a cybercrime forum is offering internal records and data they claim belong to Samsung. In a post dated 13 November 2025, the hacker says the breach came from an attack on a third-party contractor, giving them access to data from several companies, including Samsung.

The hacker says the files include source code, private keys, SMTP credentials, configuration files, hardcoded credentials and user PII taken from a healthcare backup. The post also lists access to MSSQL and AWS S3. In a note, the hacker adds that the MSSQL and AWS S3 data were already exported and dumped, and that the access itself was an extra item they were offering.

While the exact size of the data remains unclear, it ...