Ransomware victim disclosure
← All victimsIKEA
Claimed by Shinyhunters · listed 9 months ago
Status timeline
- ListedOct 3, 2025
- Data leakeddate unknown
At a glance
- Group
- Shinyhunters
- Status
- Data leaked
- Country
- Sweden
- Sector
- Consumer Services
- Listed on leak site
- Oct 3, 2025
About the victim
AI dossier — public-source company profileIKEA is a Swedish multinational retailer founded in 1943 by Ingvar Kamprad, known for designing and selling ready-to-assemble furniture, kitchen appliances, and home accessories at affordable prices. It operates over 400 stores across approximately 50 countries, making it one of the largest furniture retailers in the world. The company is headquartered in Älmhult, Sweden, and is recognised globally for its flat-pack furniture model and modern Scandinavian design aesthetic.
- Industry
- Furniture & Home Furnishings Retail
- Address
- Älmhult, Sweden (headquarters)
- Employees
- 220000
- Founded
- 1943
Attack summary
Severity: low — The leak post contains no verifiable proof, no description of exfiltrated data types or volumes, no screenshots or file samples, and the text is flagged as AI-generated. Despite 'data_published' status, there is no substantive evidence of actual data exposure presented in the post.ShinyHunters claims to have compromised IKEA with data published; however, the leak post content appears to be AI-generated boilerplate describing the company rather than providing specific details of exfiltrated data, stolen files, or operational impact.
Original description
AI-summarised, not from the leak postIKEA is a Swedish-based multinational company that designs and sells ready-to-assemble furniture, kitchen appliances, and home accessories. It's known worldwide as an industry leader for affordable, modern, flat-packed furniture. Founded in 1943 by Ingvar Kamprad, IKEA has over 400 stores in 50 countries, making it one of the largest furniture retailers globally.
Sources
- Leak posthttps://breachforums.hn//ikea.html
Source
Indexed 9 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

