A threat actor calling themselves bytetobreach claims to have breached Viking Line and published a full passenger database including vehicle registration plates and system credentials. They also published a correlated NetAxept payment dataset tying passengers to onboard transactions and detailed an attack chain exploiting a 2021 Solr LFI to obtain Tomcat credentials and deploy a reverse shell. #bytetobreach #VikingLine #NetAxept #SolrLFI #Tomcat
Keypoints
- bytetobreach claims to have exfiltrated Viking Lineβs complete passenger database, including vehicle registration plates.
- A separate NetAxept payment dataset allegedly links passenger identities to onboard transaction and purchase histories across all ships.
- The actor describes an attack chain exploiting a 2021 Solr LFI to steal Tomcat credentials, upload a JSP reverse shell, and pivot to the master server.
- Leaked items reportedly include frontend/backend access, system accounts and credentials, and redacted database links provided for download.
- The incident is labeled critical and affects Finnish ferry operator Viking Line, with total records unknown and data reportedly published freely.
DarkWebInformer.com Providing intel from some of the darkest places on the Dark Web & Clearnet. Breaches, Darknet Markets, Ransomware, Threat Alerts, & more!