A hacker using the alias 888 on a cybercrime forum is offering internal records and data they claim belong to Samsung. In a post dated 13 November 2025, the hacker says the breach came from an attack on a third-party contractor, giving them access to data from several companies, including Samsung.
The hacker says the files include source code, private keys, SMTP credentials, configuration files, hardcoded credentials and user PII taken from a healthcare backup. The post also lists access to MSSQL and AWS S3. In a note, the hacker adds that the MSSQL and AWS S3 data were already exported and dumped, and that the access itself was an extra item they were offering.
The data is being offered as a one-time sale, with the hacker asking interested buyers to submit offers through Keybase. Payment is in XMR, the privacy-focused cryptocurrency also known as Monero.
Alleged Samsung Medison Data
The screenshots shared by the hacker were analysed by Hackread.com and show what appears to be backend database content and cloud storage data from a Samsung Medison healthcare environment, including SQL tables, user/employee records, internal logs and exported cloud directories.
Samsung Medison Co., Ltd is a South Korean medical device company owned by Samsung. It focuses on ultrasound systems and other medical imaging technologies used in hospitals and clinics.
Hackread.com has contacted Samsung for comment, and only the company can confirm or deny the material. If the files turn out to be real, the situation raises a clear privacy and security threat because the data shown includes names, emails, country details, SQL records and cloud logs tied to a healthcare setting. This type of information can be misused for targeting, intrusion or follow-up attacks.
The same hacker has a long record of breaches and leaks going back to the days of the now-closed Breach Forums. In July 2024, they released thousands of employee records tied to Microsoft and Nokia.