Contact us Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are leading to ransomware attacks

Logo

Wizz Air

wizzair.com

Group: Stormous

Discovered by ransomware.live: 2025-05-02

Estimated attack date: 2025-04-30

Country: HU

Description:

The response stated: "Wizz Air has strong security systems in place, designed to protect the sensitive data of our valued customers and partners." But I would like to know what guarantees you actually offer your customers and others, because this company clearly seems unaware of what’s going on. The breach was published nearly a month ago, and the data has been widely circulated and used. It has also been verified, and it is indeed valid data linked to your employees. Does the company not have any monitoring system? Or perhaps there have been numerous reports of major fraud incidents committed under your name. So, your denial of the breach — which dates back to a month ago — appears more like an attempt to mislead your customers and partners.
Infostealer activity detected by HudsonRock

Compromised Employees: 52

Compromised Users: 84575

Third Party Employee Credentials: 70

External Attack Surface: 131

Infostealer Distribution

DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domain.operations@web.com
MX Records
  • wizzair-com.mail.protection.outlook.com.
TXT Records
  • sitecore-domain-verification=06aae56fb4f24af6b18df37b2a0f8dce
  • MS=ms35223853
  • cisco-ci-domain-verification=d9ff22a1b4bd71547454ae3e1f442287d264d2bc2929243655c36aad8df7009
  • configcat-domain-verification=08dce86d-aa5f-4005-819f-97167123a070
  • v=spf1 ip4:193.226.203.64/27 ip4:91.120.31.80/28 ip4:91.120.28.80/28 ip4:213.163.4.140 ip4:91.82.116.152/29 include:_spf1.wizzair.com include:_spf2.wizzair.com include:spf.protection.outlook.com ~all
  • facebook-domain-verification=fh2w2jk96m3jepgk35qcioo0bvkwy4
  • google-site-verification=SKCuUMVEEFDFiEmJBGw1DNG2A3ecbJs9V1Uu5FUxtd4
  • google-site-verification=4-OXcUdwdWIU0otAQeN8HuFib6Aj8qsoIHtP6Klq7GA
  • google-site-verification=tnqTiB9jEyM58inzSDHe0CEVZXUOqbt7PZsMyg_v42U
  • phR3IoTb41uYTYcAeWSqaKMKUYNlnVEul3g0Aw6xBPBYkCGfLLpba78AnN7cedHcFIU5bPMlMtXljYYNSuoBeQ==
  • google-site-verification=M0EP5vfstedZp6T32a-WjmtHgNmzOpQsCKYYueb5HkI
  • MS=ms26975041
  • successfactors-site-verification=YWIzMjFlYWQ1YzE2NTAxMDM2ZDdlM2E5NjA5YmQyY2I0OWM2NjJmYmJlMWNlZDhlMTM1YjFjZTY2YTM3YWZmYg==
  • apple-domain-verification=WnOQd8u6ZCeyrHsS
  • beautifulai-site-verification=5a483288-d42f-4dc9-82c9-050996784082
Cloud / SaaS Services Detected
Apple Microsoft 365 Cisco

Leak Screenshot:

Leak Screenshot

Legal Disclaimer: Ransomware.live does not engage in the acquisition, exfiltration, downloading, possession, hosting, access, consultation, redistribution, or disclosure of unlawfully obtained data. This platform indexes only publicly visible information posted by ransomware operators and open web sources without accessing or obtaining the underlying stolen content. The service is provided to support public awareness, legitimate research, and cyber-resilience. No stolen personal or confidential data is collected or distributed via this site.