Eurail disclosed a mid-January breach in which attackers stole customer personal, order, reservation, passport, and sensitive DiscoverEU data and are now offering the stolen records for sale. The hackers claim to have exfiltrated roughly 1.3 TB from AWS S3, Zendesk, and GitLab and have posted samples on Telegram while threatening to publicly release all data if a buyer isnβt found. #Eurail #AWS_S3
Keypoints
- Eurail confirmed customer data was stolen and is being offered for sale.
- Attackers claim roughly 1.3 TB of data was taken from AWS S3, Zendesk, and GitLab.
- Compromised records reportedly include names, dates of birth, contact details, passport copies, and some bank and health data for DiscoverEU recipients.
- Samples have been shared on a Telegram channel and some listings appeared on a surface web cybercrime site.
- Eurail is investigating the scope and number of affected customers while attackers threaten public release if negotiations fail.
Read More: https://www.securityweek.com/hackers-offer-to-sell-millions-of-eurail-user-records/