Hacker Claims Theft of 480TB of Data from XTIUM, No Confirmation Yet

A threat actor made a post on a dark forum, claiming they hacked managed security, cloud, and backup services provider XTIUM and stole huge amounts of the company’s data.

They claimed they have contacted the company directly and are also reaching out to affected users. However, none of this is verified yet.

Details of the Hacker’s Breach Claim

A hacker named “The_Auditors” posted on DarkForums, alleging that they got their hands on 480 TB of client backup data from XTIUM.

They also claim they contacted XTIUM directly. About ten days later, they allegedly grabbed another 5.8TB of internal files. That second batch came from Synology ShareSync environments. The actor now wants to sell the data. They are also approaching affected parties for extortion payments.

The post includes limited screenshots. One shows what looks like an XTIUM portal dashboard. Another shows file directory structures. A third shows a chat with an XTIUM administrator. These images look technical, but we cannot confirm they are real. We also cannot confirm the timing or if they are unique to XTIUM.

Why the Hacker’s Claims Might Be True

XTIUM publicly partners with Veeam. That matches the actor’s claim about a compromised Veeam backup environment. The company also lists managed security and incident response as services. So the technical details are believable. But believability is not evidence. Many MSPs use Veeam. But that does not mean any of them got breached.

Moreover, a close look at XTIUM’s status page shows the system is still operational. There is no public breach advisory, no customer notice, no regulator filing. Also, no sample data from the actor that independent experts could test. And no third party security firm has confirmed the claim. So, the whole thing is still a mere story for now.

Potential Impact of the Breach

MSPs hold keys to a lot of systems. So if this claim is real, trouble would spread fast, even beyond XTIUM. Client backups, shared files would all be at risk. One successful hack could dozens of companies get hit at once. This supply chain risk is exactly what happened when attackers exploited a Cisco firewall flaw for weeks before a patch was available, a single vulnerability in widely deployed infrastructure can cascade into numerous breaches before organizations can respond. But let’s be honest, this is still a potential impact, not fact since no one has verified the authenticity yet.

Nonetheless, the actor did provide specific numbers and named real technologies, Veeam, Synology, etc. That’s more detail than most fakes bother with. But the thing is, detail is not proof. Until we see real samples or an official statement from XTIUM, this remains an allegation. Not a confirmed breach.

What’s Next

So what do we watch for? Three main things. Firstly, verifiable samples the hacker actually dropped.

Secondly, look out for XTIUM’s official statement or customer alert Thirdly, confirmation from regulators or clients. Currently, XTIUM hasn’t said anything. We’ll keep watching. And we’ll tell you the moment something changes.

For now, this is a headline without a body. Stay cautious. Do not panic. And remember: on the dark web, anyone can claim anything. Proof is what separates noise from news.