- An alleged stealer log compromise has hit dozens of global giants including Samsung, Apple, and Google.
- The forum post named over 40 major companies, with the victims including big names across tech, finance, and auto sectors.
- This mirrors a recent report where dozens of global organizations, including Deloitte, KPMG, and Samsung, reportedly fell victim to an infostealer attack due to a lack of MFA.
A new security alert has surfaced from an online forum. A post there alleges a stealer log compromise that impacts dozens of global corporations.
And guess what? Big names in tech, finance, and automotive manufacturing all appeared on the victims list.
The List of Corporate Victims
An online forum has been buzzing about a long list of companies that have allegedly been hacked. The list includes logs from many different companies and organizations that have allegedly been compromised, across industries such as technology, finance, automotive, and many others.
The list has many high-profile companies on it; Samsung, Dell, Google, Apple, Microsoft, Intel, HP, Nvidia, Oracle, Cisco, and IBM are just a few of the entries. Additionally, the list includes social media names like Meta (Facebook), X Corp (formerly Twitter), and Netflix, among others.
Finance companies that appeared on the list include PayPal, Visa, MasterCard, JPMorgan Chase, and even Bank of America. There's more: Wells Fargo, as well as other finance behemoths like Goldman Sachs, Morgan Stanley and Citigroup. Also on the list are international banks, including HSBC, BNP Paribas, UBS, Credit Suisse and Deutsche Bank.
Those in the automotive sector didn't escape either. The post also mentioned Volkswagen, Toyota, Honda, Mercedes-Benz, Ford, BMW, Audi, and even General Motors.
How about in tech? China-based giants Lenovo, Huawei, Alibaba and Tencent are there. And Japanese companies such as Sony and Siemens also featured. Additionally, US tech giants like Spotify and Amazon were also mentioned. It is an incredibly wide net.
Lack of MFA Enforcement Exposes Big Companies to Infostealer Attack
Interestingly, this is the second report we have seen of something like this happening in 2026. The first report surfaced on January 5, where a hacker, who goes by the name Zestix (also identified as Sentap), was auctioning stolen data from 50 global corporations.
The victims then included heavy hitters like Deloitte, KPMG, Samsung, and a firm called Pickett & Associates.
What was the common link? All of them failed to enforce multi-factor authentication (MFA). Zestix gained access to the corporations’ cloud hosting accounts by taking advantage of their credentials.
They obtained the data using an infostealer malware program, most likely one of the following types: RedLine, Lumma, or Vidar. Some of the stolen credentials were years old. But because the companies never rotated passwords or invalidated old sessions, a years-old infection became a present-day catastrophe.
In one case, Pickett & Associates lost around 139 GB of sensitive files.
The evolution of infostealer malware is accelerating. Researchers recently uncovered an AI-linked infostealer that briefly surfaced on the dark web before vanishing, demonstrating that cybercriminals are now leveraging artificial intelligence to create more sophisticated data-stealing tools that can evade traditional detection methods and harvest credentials at an unprecedented scale.
So, What’s the Implication of This Current Incident?
It proves that corporate giants are still ignoring the most basic security rule.
You can have all the fancy firewalls in the world. But if your employees reuse an old password, and one device gets infected with a stealer, your entire cloud instance is an open door. The hackers don’t need to break in. They just walk in using keys you left under the mat years ago.
This alleged new compromise of dozens of companies, from Volkswagen to Visa, suggests the problem is not isolated. It is systemic. Until companies force MFA on every single login and enforce strict password rotation, these massive stealer log dumps will just keep happening. It’s not about sophisticated hacking. It’s about basic digital hygiene that too many are still failing.
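The failure mode described above (years-old stolen credentials that still work because passwords were never rotated, old sessions never invalidated and MFA never enforced) is something a defender can check for directly. The Python below is an added example, not code from the forum post or from any company named here; it compares stealer-log exposure dates with an identity-provider export, and every account, date and field name in it is constructed for illustration.

```python
from datetime import date

# Constructed sample data; not taken from any real stealer log or directory.
STEALER_HITS = [  # (account, date the infected device was harvested)
    ("alice@example.com", "2022-03-14"),
    ("bob@example.com", "2023-11-02"),
    ("carol@example.com", "2021-07-30"),
    ("carol@example.com", "2024-05-19"),   # same account seen again in a later log
    ("dave@example.com", "2020-09-01"),
    ("erin@example.com", "2023-01-01"),    # account no longer in the directory
]
ACCOUNTS = {  # hypothetical identity-provider export (field names are assumptions)
    "alice@example.com": {"password_changed": "2021-01-10", "mfa_enforced": False, "oldest_session": None},
    "bob@example.com":   {"password_changed": "2023-06-01", "mfa_enforced": True,  "oldest_session": None},
    "carol@example.com": {"password_changed": "2024-06-01", "mfa_enforced": True,  "oldest_session": "2024-05-01"},
    "dave@example.com":  {"password_changed": "2024-01-15", "mfa_enforced": True,  "oldest_session": "2024-02-01"},
}

def triage(hits, accounts):
    """Return {account: (risk, [findings])} for every account seen in a stealer log."""
    latest = {}
    for user, seen in hits:  # keep only the most recent exposure per account
        latest[user] = max(latest.get(user, date.min), date.fromisoformat(seen))
    report = {}
    for user, exposed in latest.items():
        acct = accounts.get(user)
        if acct is None:  # cannot assess; confirm the account was really deprovisioned
            report[user] = ("unknown", ["not_in_directory"])
            continue
        findings = []
        if date.fromisoformat(acct["password_changed"]) <= exposed:
            findings.append("password_not_rotated")
        if not acct["mfa_enforced"]:
            findings.append("mfa_not_enforced")
        sess = acct["oldest_session"]
        if sess and date.fromisoformat(sess) <= exposed:
            findings.append("session_predates_exposure")
        if "password_not_rotated" in findings and "mfa_not_enforced" in findings:
            risk = "critical"   # the logged password alone still signs in
        elif "session_predates_exposure" in findings:
            risk = "high"       # a session issued before the infection is still live
        else:
            risk = "medium" if findings else "low"
        report[user] = (risk, findings)
    return report

if __name__ == "__main__":
    for user, (risk, findings) in sorted(triage(STEALER_HITS, ACCOUNTS).items()):
        print(f"{risk:8} {user:20} {', '.join(findings) or 'no open findings'}")
```

Accounts rated critical need a forced password reset and MFA enrollment first; accounts rated high need their active sessions revoked even though the password was already changed.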