Ransomware victim disclosure
← All victimsMarina Bay Sands
listed as marinabaysands.com - Singapore Hotel (Internal Server) · Claimed by Babuk2 · listed 1 year ago
Status timeline
- ListedMar 12, 2025
- Data leakeddate unknown
At a glance
- Group
- Babuk2
- Status
- Data leaked
- Country
- Singapore
- Sector
- Hospitality and Tourism
- Listed on leak site
- Mar 12, 2025
About the victim
AI dossier — public-source company profileMarina Bay Sands is one of Singapore's most prominent luxury integrated resorts, featuring a 2,561-room hotel, casino, convention facilities, shopping mall, and restaurants. Operated by Las Vegas Sands Corporation, it is a major tourism and business destination in Singapore's Marina Bay district.
- Industry
- Luxury Hospitality & Integrated Resort
- Address
- 10 Bayfront Avenue, Singapore 018956
- Employees
- 7000-10000
- Founded
- 2010
Attack summary
Severity: high — Confirmed breach of a major hospitality operator with access to sensitive guest data, financial records, and operational systems. Despite limited post detail, the target's scale and guest data exposure history in hospitality breaches warrants high severity. Published disclosure without ransom indicates potential data publication threat.Babuk2 group claims to have compromised an internal server at Marina Bay Sands. The leak post provides minimal detail on the scope of data exfiltration or encryption, stating only the target and location without specifying operational impact or data categories.
Data the group says was taken
AI dossier — extracted from the leak post- internal server data
- unspecified systems
What the group claims
marinabaysands.com - Singapore Hotel (Internal Server)
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

