
Zestix sells stolen corporate data from ShareFile, Nextcloud, and ownCloud

Data Leak
Happening score
H score 26
2 unique sources, 3 articles

Summary


Zestix is offering stolen corporate data from dozens of companies, with the files tied to ShareFile, Nextcloud, and ownCloud accounts. The reporting indicates that the activity involves resale of sensitive corporate data and creates ongoing exposure risk for affected organizations. The likely access path is credential theft from employee devices via infostealer malware rather than exploitation of a platform vulnerability. Reported material includes large volumes of data and sensitive records spanning multiple sectors. In response to related credential-theft reporting, ownCloud advised users to enable MFA, reset passwords, invalidate active sessions, and review access logs, and said its platform had not been hacked or breached.

Related Happenings

ShinyHunters data-leak site exposing stolen attack data

Data Leak
First: 31.01.2026 17:02 Last: 31.01.2026 17:02 Sources 1

About this happening: The **ShinyHunters** extortion gang launched a **data-leak site**, beginning to publish data tied to the theft campaign and raising the exposure risk for victims.

SonicWall MySonicWall cloud backup breach exposing firewall backup files

Data Leak
First: 29.01.2026 19:57 Last: 29.01.2026 19:57 Sources 1

About this happening: **SonicWall** said a **state-sponsored threat actor** stole **firewall configuration backup files** from its **MySonicWall cloud backup service** in a **September** security breac...

PcComponentes customer database leak claim and sample publication

Data Leak
First: 21.01.2026 22:55 Last: 21.01.2026 22:55 Sources 1

About this happening: A **threat actor named daghetiaw** published a claimed **PcComponentes customer database** and offered it for sale, putting **16.3 million records** at risk. The actor said **500,...

Publicly exposed training apps as recurring cloud-entry risk across security vendors

Target Trend
First: 21.01.2026 16:00 Last: 21.01.2026 16:00 Sources 1

About this happening: **Cybersecurity training apps** left exposed on the public Internet are creating a recurring **cloud-entry risk** for **security vendors and enterprise users**. A scan identified...

Target Corporation internal source code and developer documentation leak claim

Data Leak
First: 12.01.2026 19:52 Last: 12.01.2026 19:52 Sources 1

About this happening: **Target Corporation** is facing an **internal source code and documentation leak claim** centered on sample repositories posted to **Gitea** and a larger archive reportedly being...

Latest development: 13.01.2026 15:08

Effective January 9, 2026, Target accelerated a security change so access to git.target.com, Target's on-prem GitHub Enterprise Server used for internal development, now requires a Target-managed network either on-site or via VPN. The server was no longer reachable from the public internet.

Timeline

  1. 07.01.2026 16:34 · 2 articles

    Zestix offers corporate data for sale after file-sharing credential theft claims

    Initial Disclosure

    Zestix is reported to be offering corporate data stolen from dozens of companies, with the likely access path described as infostealer malware on employee devices feeding stolen credentials into ShareFile, Nextcloud, and ownCloud accounts. In response to related credential-theft reporting, ownCloud warned users to enable MFA, reset passwords, invalidate active sessions, and review access logs, while saying the platform was not hacked or breached and that no zero-day exploits or platform vulnerabilities were involved.

  2. 06.01.2026 00:52 · 3 articles

    Hudson Rock identifies Zestix cloud-data sales

    Initial Disclosure

    Hudson Rock identified Zestix as an initial access broker selling alleged corporate data from ShareFile, Nextcloud, and ownCloud environments, with initial access likely tied to employee-device credentials collected by infostealer malware such as RedLine, Lumma, and Vidar. The analysis says that at least 15 examined cases involved cloud-service credentials collected by infostealers and that some stolen credentials had remained in criminal databases for years. Hudson Rock notified ShareFile and planned to alert Nextcloud and ownCloud about the verified exposures.
