{ "id": "a6263810-708f-407f-a363-2870307485bc", "created_at": "2026-04-11T02:24:09.799392Z", "updated_at": "2026-04-11T02:24:15.565826Z", "deleted_at": null, "sha1_hash": "a0ec8160e2054c077b918ec9f0d629b344fd75b3", "title": "Sg: Vhive alerts consumers to cyberattack - DataBreaches.Net", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 163070, "plain_text": "Sg: Vhive alerts consumers to cyberattack - DataBreaches.Net\r\nPublished: 2021-03-29 · Archived: 2026-04-11 02:08:40 UTC\r\nVhive, a popular retail furniture chain in Singapore, has posted a notice on their web site and Facebook page\r\nannouncing  a cyberattack that occurred on March 23.\r\nBased on information provided to DataBreaches.net by the threat actors, this appear to have been a double\r\nextortion attack by ALTDOS threat actors that involves more than 300,000 customer records as well as other types\r\nof documents including transactions records and payment records. According to Vhive, the attack did not involve\r\nNRIC numbers (national registration identity card numbers required for every Singapore resident over age 15).\r\nNor did it reportedly involve any financial information or credit card data.\r\nThe initial attack of vhive.com.sg allegedly occurred on March 21, with the private network server breached on\r\nMarch 22. A timeline claimed by the threat actors indicates that Vhive was able to recover its site and files using\r\nbackups on March 23, but allegedly “failed to resolve major vulnerabilities, allowing ALTDOS to continue our\r\nattacks.” Those attacks allegedly continued on March 25, when ALTDOS downloaded source coding and files,\r\nand “encrypted all files on its server with a ransomware attack.”\r\nAs proof of compromise, ALTDOS provided a number of mp4’s showing them scrolling through directories and\r\nfolders. They also provided some screencaps, including the one below which has been redacted by\r\nhttps://www.databreaches.net/sg-vhive-alerts-consumers-to-cyberattack/\r\nPage 1 of 2\n\nDataBreaches.net. It shows that there were more than 300,000 records in the “systemv” “customer” table.\r\nDataBreaches.net has redacted the customers’ names, addresses, and mobile phone numbers.\r\nThe threat actors do not indicate what kind of ransomware was involved, but in a past attack, they had informed\r\nthis site that they generally avoid ransomware and had simply used AES 256 encryption.\r\nAccording to the attackers, there was some negotiation with Vhive management on March 26, and when they\r\nasked for more time, ALTDOS gave the firm a 48-hour deadline.  On March 28, Vhive announced the breach on\r\nits web site and terminated negotiations with ALTDOS, who predictably responded by announcing that they  will\r\nstart dumping data within a few days.\r\nDataBreaches.net reached out to Vhive to ask for more details about the ransomware aspect and to inquire whether\r\nthey wished to make any additional statement about the attack. This post will be updated if or when a response is\r\nreceived.\r\nSource: https://www.databreaches.net/sg-vhive-alerts-consumers-to-cyberattack/\r\nhttps://www.databreaches.net/sg-vhive-alerts-consumers-to-cyberattack/\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "MISPGALAXY", "ETDA" ], "origins": [ "web" ], "references": [ "https://www.databreaches.net/sg-vhive-alerts-consumers-to-cyberattack/" ], "report_names": [ "sg-vhive-alerts-consumers-to-cyberattack" ], "threat_actors": [], "ts_created_at": 1775874249, "ts_updated_at": 1775874255, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/a0ec8160e2054c077b918ec9f0d629b344fd75b3.pdf", "text": "https://archive.orkl.eu/a0ec8160e2054c077b918ec9f0d629b344fd75b3.txt", "img": "https://archive.orkl.eu/a0ec8160e2054c077b918ec9f0d629b344fd75b3.jpg" } }