Fraud Management & Cybercrime, Fraud Risk Management, Ransomware
Also: SudamericaData Leak, RaccoonO365 Arrest and Nefilim Conspirator Pleads Guilty
Every week, Information Security Media Group rounds up cybersecurity incidents and breaches around the world. This week, hackers scraped Spotify metadata, Nissan disclosed a third-party breach, tens of millions of Argentines were exposed in a data broker leak, African authorities carried out a sweeping cybercrime crackdown, Nigerian police arrested the alleged operator behind RaccoonO365, the U.S. DOJ charged an ATM jackpotting ring and a Nefilim ransomware affiliate pleaded guilty.
Spotify Library Scraped, Hacktivists Claim Audio Files and Metadata
A pirate activist group going by "Anna's Archive" scraped Spotify's music library and posted the popular streaming platform's metadata online.
In a blog post, the group said the scrape covered 256 million rows of track metadata and 86 million audio files, about 300 terabytes in total. As of Dec. 21, the group has published only the metadata and no music files.
"Of course Spotify doesn't have all the music in the world, but it's a great start," said Anna's Archive. The group, launched in November 2022, typically focuses on books and academic papers as part of a putative mission of "preserving humanity's knowledge and culture." It described the Spotify scrape as an effort to build a "music archive primarily aimed at preservation."
"An investigation into unauthorized access identified that a third party scraped public metadata and used illicit tactics to circumvent DRM to access some of the platform's audio files," a Spotify representative said following the incident. The investigation is still underway.
Ed Newton-Rex, a composer and campaigner for protecting artists' copyright, told The Guardian that the leaked music files would most likely be used for training AI models. "Training on pirated material is sadly common in the AI industry, so this stolen music is almost certain to end up training AI models," he said. Social media giant Meta famously used an 82-terabyte trove of pirated books as training data.
Nissan Customer Data Exposed in Third-Party Data Breach
Japanese automotive manufacturer Nissan said that a third-party data breach at Red Hat affected tens of thousands of its customers.
The company said the breach stems from an incident in late September in which threat actors gained unauthorized access to Red Hat's self-hosted GitLab instance, which contained sample code snippets, internal communications and project specifications. Red Hat disclosed the breach in early October; the attackers claimed to have stolen hundreds of gigabytes of sensitive data from 28,000 different GitLab repositories. The cyber extortion group Crimson Collective claimed responsibility for the September breach.
According to Nissan, customer information present in Red Hat's GitLab repositories included names, addresses, phone numbers, partial email addresses and records associated with sales activities. No credit card or financial data was stored in the compromised repositories, Nissan said.
This marks the second major security incident for Nissan this year. The first occurred in late August, when the Qilin ransomware group hit the manufacturer's design subsidiary Creative Box.
Millions Exposed in SudamericaData Dark Web Dump
A massive cache of personal data allegedly linked to Buenos Aires-based data broker SudamericaData is available for download on a criminal forum in what may be one of the largest data leaks ever in Argentina. The dataset exceeds one terabyte.
SudamericaData, known for selling detailed reports on individuals and businesses, allegedly continued operating under the name "WorkManagement" after a court-ordered shutdown in 2023. The threat actor behind the release framed the disclosure as an exposure of the company's owner and internal operations. The firm reportedly was caught up in a 2023 scandal involving illegal spying on judges.
The data circulating online reportedly include databases tied to millions of Argentines, with records covering residents' personal details, vehicle ownership, work history and salary, as well as phone numbers, email addresses and physical addresses. The dataset also reportedly includes website source code and internal application data linked to the company's infrastructure.
African Police Arrest 574 Suspects in Pan-Regional Cybercrime Sweep
Police across Africa arrested 574 suspects and seized roughly $3 million in illicit funds as part of a cybercrime operation coordinated by Interpol.
The month-long effort, dubbed Operation Sentinel, ran from late October through November and involved police forces in 19 countries. Investigators targeted business email compromise, ransomware and digital extortion schemes.
Authorities identified cases linked to more than $21 million in attempted or realized losses. The operation led to the takedown of thousands of malicious links and multiple ransomware strains, several of which were successfully decrypted, allowing victims to recover data without paying a ransom.
The crackdown comes amid a broader surge in cybercrime across the continent. Recent law enforcement assessments show that cybercrime now accounts for more than 30% of all reported crime in parts of western and eastern Africa, with two-thirds of surveyed countries saying digital crimes make up a "medium-to-high" share of criminality in their jurisdiction. Online scams, phishing, ransomware and business email compromise dominate reported incidents across multiple regions.
Nigeria Nabs Alleged Operator of RaccoonO365 Phishing Campaign
The Nigeria Police Force's National Cybercrime Centre arrested Okitipi Samuel, also known as "RaccoonO365" and "Moses Felix," identifying him as the alleged developer behind a phishing operation used to compromise Microsoft 365 email accounts globally.
Police said Samuel built and operated RaccoonO365, a phishing-as-a-service platform that generated fake Microsoft login pages to harvest credentials from corporate, financial and educational organizations. The service ran on a subscription model, offering ready-made phishing templates and hosting infrastructure for a fee.
Between January and September 2025, attackers used phishing emails mimicking Microsoft authentication prompts to gain unauthorized access to enterprise email systems, leading to business email compromise, data theft and financial losses across multiple jurisdictions (see: Breach Roundup: Microsoft, Cloudflare Dismantle RaccoonO365).
Nigerian police said Samuel sold phishing links on a Telegram channel in exchange for cryptocurrency and hosted fake login portals on Cloudflare using stolen or fraudulently obtained credentials. The phishing pages sat behind CAPTCHA and anti-bot checks so that automated scanners and sandboxes would not reach the credential-harvesting form.
Two additional suspects were arrested during coordinated operations in Lagos and Edo states, where police seized laptops and mobile devices linked to the campaign. Authorities said there is no evidence connecting the two individuals to the development or operation of the phishing platform.
DOJ Charges 54 Tren de Aragua Members in ATM Jackpotting Scheme
U.S. federal prosecutors indicted 54 alleged members and leaders of the Venezuelan gang Tren de Aragua for their role in a multimillion-dollar ATM jackpotting scheme that used Ploutus malware, the U.S. Department of Justice said.
A Nebraska grand jury charged the defendants with bank fraud, bank burglary, computer fraud, money laundering and conspiracy to provide material support to terrorists. Prosecutors allege the group infected ATMs with Ploutus, forcing the machines to dispense cash without the use of cards or customer credentials.
Ploutus is a family of ATM jackpotting malware first identified in Mexico more than a decade ago that has since evolved into multiple variants, including Ploutus-D. Several variants, written in Microsoft .NET, allow attackers with physical access to an ATM to drive the cash dispenser directly through the industry-standard XFS middleware, bypassing the bank's authorization controls, according to security researchers at CrowdStrike. Because the dispense command is issued locally on the ATM's PC core rather than approved by the bank's host, defenses rest on physical hardening of the cabinet, locked-down USB and boot paths, and application allowlisting on the ATM itself.
Threat actors targeted ATMs across multiple states, allegedly generating millions of dollars in illicit proceeds.
The U.S. Treasury Department's Office of Foreign Assets Control in July sanctioned top leaders of Tren de Aragua, including its head, Hector "Niño Guerrero" Rusthenford Guerrero Flores, and five key associates. The group, designated a "Foreign Terrorist Organization" by the U.S. State Department earlier this year, is accused of drug trafficking, human smuggling, extortion, sexual exploitation and money laundering across the Western Hemisphere.
Ukrainian National Pleads Guilty in Nefilim Ransomware Conspiracy
A Ukrainian national, Artem Stryzhak, 35, pleaded guilty in Brooklyn federal court to conspiracy to commit computer fraud for his role in a sprawling Nefilim ransomware campaign that targeted companies in the United States and abroad.
Stryzhak admitted to conspiring to commit computer fraud by deploying Nefilim ransomware against corporate networks and demanding ransom payments, the U.S. Department of Justice said Friday.
Also spelled "Nephilim," the group emerged in March 2020. Although now apparently inactive, Nefilim cut a high profile earlier this decade, attacking home appliance giant Whirlpool and breaking into networks through unpatched Citrix gateways.
Prosecutors said Stryzhak operated as an affiliate, using ransomware infrastructure provided by the group's administrators in exchange for a share of the proceeds. Stryzhak was arrested in Spain in 2024 and extradited to the U.S. earlier this year.
U.S. authorities say the ransomware operation was overseen by Volodymyr Viktorovych Tymoshchuk, who remains at large. Tymoshchuk is on the FBI's and Europol's most wanted fugitive lists for his alleged role in operating the Nefilim, LockerGoga and MegaCortex ransomware strains, which are linked to hundreds of attacks worldwide (see: US Feds Indict LockerGoga and MegaCortex Ransomware Hacker).
With reporting from Information Security Media Group's Gregory Sirico in New Jersey.