A lone hacker has managed to break into the private files of about 50 major companies around the world, including Pickett, Sekisui House, IFLUSAC, Iberia Airlines, K3G Solutions, CRRC MA, GreenBills, and CiberC, reveals the latest research by the Israeli cybersecurity firm Hudson Rock conducted for its sister site Infostealers.com.
Researchers identified the attacker, who is believed to be an Iranian national operating under the online names Zestix and Sentap. This individual is currently auctioning off massive amounts of stolen corporate data on dark web forums to the highest bidder.
While we might expect these large organisations to be hard to get into, this wasn’t a very difficult job for the hacker. Researchers noted that the hacker simply used stolen passwords to log into accounts that didn’t have basic authentication safeguards in place.
How “Infostealers” Opened the Door
The hacker didn’t hack the companies directly. Instead, they used infostealers, specifically RedLine, Lumma, and Vidar. This malware sneaks onto a person’s computer, usually after the victim downloads a fake file or a cracked game, and quietly steals every password saved in their web browser.
Once Zestix had these passwords, they just used them to log into company file-sharing sites like ShareFile, Nextcloud, and OwnCloud. The only reason this worked is that these 50 companies failed to turn on Multi-Factor Authentication (MFA).
MFA, as we know it, is that extra step where a site asks for a code from your phone after you type your password. Since that second step wasn’t required, the stolen password was all the hacker needed to walk right in.
Who Was Affected?
The stolen data includes everything from private medical files to military blueprints. For example, Iberia Airlines had 77 GB of data taken, including safety manuals for their planes. A U.S. firm called Pickett & Associates lost 139 GB of data, which included detailed maps of power lines and utility stations.
It’s important to mention that in November 2025, Iberia Airlines was also involved in another data breach in which Everest ransomware stole and later leaked 596 GB of the airline’s internal and customer data.
The reach of the attack, according to Hudson Rock’s report, was truly global. In Turkey, Intecro Robotics saw its designs for military drones and fighter jets put up for sale. In Brazil, Maida Health lost 2.3 terabytes of medical records belonging to the military police. Even public transit was hit, with internal plans for train brakes and signalling used by the LA Metro being exposed through a company called CRRC MA.


A Lesson in Basic Security
Some of the stolen passwords used in these attacks were years old. If these companies had forced a password change or simply required a phone code to log in, this entire disaster could have been avoided.
Hudson Rock warns that credentials for employees at other giants like Samsung, Walmart, and Deloitte are also floating around in these hacker logs, meaning they could be at risk too. This is a reminder for all of us: a password alone is no longer enough to keep your information safe.
