Update: ShinyHunters has provided DataBreaches with some data related to the attack on Stellantis, which they now are claiming responsibility for. They tell DataBreaches that the attack was reportedly part of the Salesforce campaign, but it was only last week that many targets first received ransom notes. On inquiry, ShinyHunters provided DataBreaches with a listing that indicates that Maserati data was dumped on or about April 23, while FCA Group/Stellantis was dumped on August 7. Line counts with filenames redacted were provided as:
502851 maserati.csv
9429250 fcagroup_dump_account_[redacted].jsonl
8134310 fcagroup_dump_contact_[redacted].jsonl
217250 fcagroup_dump_user_[redacted].jsonl
As part of what ShinyHunters provided this site, the following fields were reportedly part of the maserati.csv:
From the dates that data was dumped (not shown here but provided to DataBreaches), it appears that Stellantis only “detected” the unauthorized access after the threat actors contacted them with a ransom demand. DataBreaches has emailed Stellantis with the sample data and other information ShinyHunters provided and has asked them if they will confirm the claims. This post will be updated when a reply is received.
Reuters reports:
Stellantis detected unauthorized access to a third-party service provider’s platform that supports its North American customer service operations, the company said in a statement on Sunday.
The automaker said the incident, which is under investigation, exposed only basic contact information and did not involve financial details or sensitive personal data. Stellantis did not specify how many customers were affected.
“Upon discovery, we immediately activated our incident response protocols … and are directly informing affected customers,” the Chrysler parent said in the statement.
It said it had notified authorities and urged customers to be alert to possible phishing attempts.
Read more at Reuters.