Ransomware victim disclosure
← All victimsmarinabaysands.com - Singapore Hotel (Internal Server)
Claimed by Babuk · listed 1 year ago
Status timeline
- ListedMar 12, 2025
- Data leakeddate unknown
At a glance
- Group
- Babuk
- Status
- Data leaked
- Country
- Singapore
- Sector
- Hospitality and Tourism
- Listed on leak site
- Mar 12, 2025
About the victim
AI dossier — public-source company profileMarina Bay Sands is a luxury integrated resort in Singapore featuring a hotel, casino, shopping mall, and convention facilities. It is one of Asia's most iconic properties, operated by Las Vegas Sands Corporation, and serves high-net-worth guests and business travelers globally.
- Industry
- Luxury Hospitality & Gaming Resorts
- Address
- Marina Bay, Singapore
- Employees
- 7000-8000
- Founded
- 2010
Attack summary
Severity: high — A confirmed breach of a major luxury resort's internal server with data published carries high severity due to potential exposure of guest PII, payment data, and operational intelligence affecting a critical tourism/hospitality asset. The lack of proof file count details and sparse post content limits confidence in assessing specific data sensitivity.Babuk claims to have compromised an internal server at Marina Bay Sands and has published the data. The specific systems accessed and data categories exfiltrated are not detailed in the truncated post.
Data the group says was taken
AI dossier — extracted from the leak post- internal server data
- potentially guest records
- potentially payment systems
- potentially operational systems
What the group claims
marinabaysands.com - Singapore Hotel (Internal Server)
Sources
- Victim sitemarinabaysands.com
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

