Dell Data Breach Claims Under Scrutiny After Fake Records Surface Cybernews researchers have cast doubt on the legitimacy of a purported Dell database breach, which allegedly exposed over 5,000 records, including emails from more than 2,000 employees. The incident, attributed to an attacker using the alias ShinyCorporation a name linked to the notorious Scattered Lapsus$ Hunters hacking collective has raised concerns about the accuracy of the leaked data. Analysis of a sample of 21 emails from the dataset revealed that at least 20% were fake, suggesting the breach may have been exaggerated. While some legitimate emails were included, researchers warned these could be exploited for follow-up cyberattacks, such as phishing or credential-stuffing campaigns. Additionally, leaked IP addresses and internal URLs if authentic could enable reconnaissance efforts, potentially exposing source code and internal business operations. The findings highlight the risks of unverified breach claims, particularly when threat actors may inflate or fabricate data to amplify their impact.

Dell has confirmed that criminals broke into its IT environment and stole some of its data — but told The Register that it's 'primarily synthetic (fake) data.' The compromised data, according to WorldLeaks' post, includes 416,103 files. The data stolen is primarily synthetic, publicly available or Dell systems/test data. This follows a more serious breach last year, during which a digital thief claimed to have stolen and put up for sale a database containing 49 million Dell customer records.

Nike Targeted in WorldLeaks Ransomware Attack, Data Extortion Threatened Nike has fallen victim to a data extortion attack by the financially motivated ransomware group WorldLeaks, which announced the breach on its darknet leak site on January 22, 2026. The group threatened to release stolen data by January 25, 2026, at 6 PM GMT, though the exact volume of exfiltrated information remains unconfirmed. Industry analysts estimate it could reach several terabytes, based on the group’s past attacks. Nike acknowledged the incident in a statement, confirming it is actively investigating the breach. According to reports, the attack compromised: - 481,183 user accounts - 220 employee records - 444 third-party credentials Potentially exposed data includes internal documentation, customer information, employee contact details, operational records, and HR data. The full scope of sensitive material such as intellectual property or financial records remains under investigation. WorldLeaks, a rebrand of Hunters International (active since January 2025), operates an extortion-only model, focusing on data theft rather than encryption to evade detection. The group maintains a four-platform infrastructure, including a public leak site, negotiation portal, and an "Insider" journalist platform for early data access. Since its formation, WorldLeaks has claimed 116 victims, including Dell Technologies (1.3TB stolen) and L3Harris Technologies, a U.S. defense contractor. Initial access is typically gained through phishing, unpatched applications, or VPNs without multi-factor authentication (MFA). Post-compromise, the group uses credential theft, lateral movement, and custom exfiltration tools to extract data. This attack follows a recent trend of targeted cyberattacks on retail and apparel sectors, particularly organizations with weak authentication and high-value intellectual property. Security researchers note the group’s preference for high-profile victims with vulnerable infrastructure.

A Kurdish hacker codenamed “MuhmadEmad” from the hacktivist group “KurdLinux_Team” have managed to gain unauthorized access to Dell’s official website subdomains and leave them defaced. The exploit had allowed hackers to inject into the web site's database and get the hashed/encrypted password of admins which would then be cracked to gain access to the website admin control panel, allowing hackers to do anything with the website. Dell investigated the incident and put down the hacked server, the subdomains remain inaccessible.