DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Johnson Fitness and Wellness hit by DESORDEN Group

Posted on October 9, 2022 by Dissent

In what has become a familiar event, DESORDEN Group announced yet another attack on a multinational corporation. This time, their target was Johnson Fitness and Wellness, a subsidiary of Johnson Health Tech. Co., Ltd. Johnson Health Tech manufactures exercise training equipment and is listed on the Taiwan stock exchange; Johnson Fitness is headquartered in the U.S. and is an exercise equipment retailer.

In their post on a popular hacking forum, DESORDEN stated that the breach involved 71 GB of data and files affecting Johnson Fitness’s suppliers, dealers, customers, and employees. Files concerning their internal operations and financial records were also acquired.

A screencap of one of Johnson's drives showing folder names. The names have been redacted.
A screencap showing folders in one of the drives accessed on JohnsonFitness.com. DataBreaches.net has redacted the folder names.

Most of the sample files did not contain personal information. Other sample data shared exclusively with DataBreaches included customers’ personal information such as name, address, phone number, and date of birth.

Of note, a leaked “sysusers” file included employee names, email addresses,  usernames, and passwords in plaintext.  DESORDEN’s spokesperson commented that they were surprised that a big company left their passwords in plaintext, “which is really rare in our attacks against big companies.”

“This Johnson hack took quite a lot of time too,” they added, explaining, “we breached into their [Johnson Health Tech’s] mainframe server, but they had AVs and firewall that prevent outgoing connections — only allowed IPs of those within the network. So we have to find the other servers on the same network, breach in and pray hard that the firewall config is allowed.

At the end of the day, we used another breached server to act as a bridge to the mainframe and stole the data. So it took quite a bit of time.”

DESORDEN’s spokesperson could not recall exactly when they first accessed Johnson but estimated that they were in there for months. They still have access, they claim.

According to their statement to DataBreaches, although Johnson read their emails, downloaded the data samples, and watched the video, they did not reply to any of their communications.

DESORDEN explained that their initial communications to a victim do not specify a specific demand amount. “We will wait for victims to respond, then we will set the sum based on their size,” they tell DataBreaches. So because Johnson did not respond to DESORDEN, they do not know how much DESORDEN might be demanding.

The total lack of response suggests that Johnson has no intention of paying any ransom demand. DESORDEN’s spokesperson told DataBreaches that they are neither surprised nor particularly upset by that because they believe they will be able to quickly sell the corporate information and trade secrets they were able to exfiltrate.

DataBreaches sent an email inquiry to Johnson Fitness about their response to the claimed attack. No reply has been received as of publication time.

 

Category: Breach IncidentsBusiness SectorHackNon-U.S.U.S.

Post navigation

← Talbert House settles litigation stemming from 2021 breach
State Bar of Georgia Notifies Members and Employees of Cybersecurity Incident →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Akira doesn’t keep its promises to victims — SuspectFile
  • Fraudsters, murderers, students: who the GRU assembled a team of hacker provocateurs from and why it failed
  • Order of Psychologists of Lombardy fined 30,000 € for inadequate data security protection and detection following ransomware attack
  • Lower Merion School District says a data breach was caused by a computer glitch
  • After $1 Million Ransom Demand, Virgin Islands Lottery Restores Operations Without Paying Hackers
  • Junior Defence Contractor Arrested For Leaking Indian Naval Secrets To Suspected Pakistani Spies
  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • Class action settlement following ransomware attack will cost Fred Hutchinson Cancer Center about $52 million
  • Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Stewart Baker vs. Orin Kerr on “The Digital Fourth Amendment”
  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.