DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Johnson Fitness and Wellness hit by DESORDEN Group

Posted on October 9, 2022 by Dissent

In what has become a familiar event, DESORDEN Group announced yet another attack on a multinational corporation. This time, their target was Johnson Fitness and Wellness, a subsidiary of Johnson Health Tech. Co., Ltd. Johnson Health Tech manufactures exercise training equipment and is listed on the Taiwan stock exchange; Johnson Fitness is headquartered in the U.S. and is an exercise equipment retailer.

In their post on a popular hacking forum, DESORDEN stated that the breach involved 71 GB of data and files affecting Johnson Fitness’s suppliers, dealers, customers, and employees. Files concerning their internal operations and financial records were also acquired.

A screencap of one of Johnson's drives showing folder names. The names have been redacted.
A screencap showing folders in one of the drives accessed on JohnsonFitness.com. DataBreaches.net has redacted the folder names.

Most of the sample files did not contain personal information. Other sample data shared exclusively with DataBreaches included customers’ personal information such as name, address, phone number, and date of birth.

Of note, a leaked “sysusers” file included employee names, email addresses,  usernames, and passwords in plaintext.  DESORDEN’s spokesperson commented that they were surprised that a big company left their passwords in plaintext, “which is really rare in our attacks against big companies.”

“This Johnson hack took quite a lot of time too,” they added, explaining, “we breached into their [Johnson Health Tech’s] mainframe server, but they had AVs and firewall that prevent outgoing connections — only allowed IPs of those within the network. So we have to find the other servers on the same network, breach in and pray hard that the firewall config is allowed.

At the end of the day, we used another breached server to act as a bridge to the mainframe and stole the data. So it took quite a bit of time.”

DESORDEN’s spokesperson could not recall exactly when they first accessed Johnson but estimated that they were in there for months. They still have access, they claim.

According to their statement to DataBreaches, although Johnson read their emails, downloaded the data samples, and watched the video, they did not reply to any of their communications.

DESORDEN explained that their initial communications to a victim do not specify a specific demand amount. “We will wait for victims to respond, then we will set the sum based on their size,” they tell DataBreaches. So because Johnson did not respond to DESORDEN, they do not know how much DESORDEN might be demanding.

The total lack of response suggests that Johnson has no intention of paying any ransom demand. DESORDEN’s spokesperson told DataBreaches that they are neither surprised nor particularly upset by that because they believe they will be able to quickly sell the corporate information and trade secrets they were able to exfiltrate.

DataBreaches sent an email inquiry to Johnson Fitness about their response to the claimed attack. No reply has been received as of publication time.

 

Related posts:

  • Thai entities continue to fall prey to cyberattacks and leaks
  • Major Malaysian water utilities company hit by hackers; Ranhill offline; hackers claim databases and backups deleted
  • Desorden Group expands attack on Central Group after deal to pay them allegedly fell through
  • Recent cyberattacks put Thai citizens’ privacy and data security at greater risk
Category: Breach IncidentsBusiness SectorHackNon-U.S.U.S.

Post navigation

← Talbert House settles litigation stemming from 2021 breach
State Bar of Georgia Notifies Members and Employees of Cybersecurity Incident →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • National Health Care Fraud Takedown Results in 324 Defendants Charged in Connection with Over $14.6 Billion in Alleged Fraud
  • Swiss Health Foundation Radix Hit by Cyberattack Affecting Federal Data
  • Russian hackers get 7 and 5 years in prison for large-scale cyber attacks with ransomware, over 60 million euros in bitcoins seized
  • Bolton Walk-In Clinic patient data leak locked down (finally!)
  • 50 Customers of French Bank Hit by Insider SIM Swap Scam
  • Ontario health agency atHome ordered to inform 200,000 patients of March data breach
  • Fact-Checking Claims By Cybernews: The 16 Billion Record Data Breach That Wasn’t
  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Trump administration is building a national citizenship data system
  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.