Hackers are selling data of Fujitsu customers in dark web

Operators of the illegal platform Marketo are offering for sale thousands of confidential records of Fujitsu, one of Japan’s largest technology companies. On August 26, sellers of stolen information revealed access to at least 4 GB of stolen data, providing some samples of the leak to prove their claims, as well as noting that these records include financial documents from the company and its customers.

Although the cybercriminals claimed to have almost 300 offers to buy this information, a group of researchers was able to examine the publication in Marketo, concluding that the hackers have only received 70 offers. The vendors of this information also control this dark web platform, so many members of the cybersecurity community doubt that the number of offers received by hackers is real.

In this regard, a spokesman for the company denied the version of the cybercriminals, stating that Fujitsu has not detected signs of attack on its storage systems of confidential information, in addition to ruling out that this incident is related to the attack detected in May.

However, Fujitsu acknowledged that the leak could contain information from its customers: “Because this incident appears to involve information related to our customers, we will refrain from commenting on further details,” the spokesperson said.

Despite the doubts generated by Marketo, cybersecurity specialist Ivan Righi believes that this is a platform with a high reputation among the cybercriminal community, so it is likely that those offers have been received: “It is highly likely that the data exposed on the dark web is legitimate. The hackers provided three screenshots with spreadsheets to prove the leak.”

About Marketo, reports indicate that this group was first identified in April 2021 and, although at first it was classified as a ransomware and data theft operation, those responsible for this platform have always announced themselves as a group entirely dedicated to the sale of stolen information. This group has exposed dozens of companies on its illegal platform, including sportswear maker Puma and multiple banking institutions based in the U.S. and Europe.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.