Overview
- Threat actors posted screenshots on Telegram on January 3 claiming full access to Resecurity systems and the theft of internal data, chats, and client information.
- Resecurity says the accessed environment was an isolated decoy populated with synthetic employee, client, and payment records, asserting no impact on production systems or real customer data.
- The company reports collecting detailed telemetry from the activity, including IP addresses exposed by proxy failures, and says it shared findings with law enforcement, including a subpoena request by a foreign partner.
- The claimed intrusion was presented by the actors as retaliation for alleged social‑engineering attempts by Resecurity on dark‑web markets, a rationale the firm has not confirmed.
- Resecurity’s timeline cites reconnaissance starting November 21, automated requests against decoy data between December 12 and 24, and large synthetic datasets exceeding 28,000 consumer records and 190,000 payment transactions.