Skip to Content

Is Your Data Safe After the $5,000 Mercedes-Benz Hack by Zestix?

By: Author Alex Lim

Posted on

Categories Cybersecurity

Home » Cybersecurity » Is Your Data Safe After the $5,000 Mercedes-Benz Hack by Zestix?

What Does the 18GB Mercedes-Benz Legal Data Breach Mean for Owners?

We need to discuss a concerning cybersecurity development involving Mercedes-Benz USA (MBUSA). A threat actor operating under the alias “zestix” alleges they have breached the automaker’s IT infrastructure as of December 1, 2025. This individual claims to possess 18.3 GB of sensitive internal files and is selling the entire archive on a dark web forum for a surprisingly low sum of $5,000.​

Understanding the Compromised Data

This incident appears distinct from previous technical leaks because it targets the company’s legal operations rather than just vehicle software. The hacker asserts the stolen dataset contains active and closed litigation files spanning 48 U.S. states.​

Specific Data Points at Risk:

  • Warranty Litigation: Files related to consumer warranty disputes and Lemon Law cases.
  • Defense Strategies: Internal documents detailing how Mercedes-Benz defends against claims.
  • Vendor Information: “New Vendor Questionnaire” forms that include banking details, creating a high risk for Business Email Compromise (BEC) attacks.​
  • Billing Rates: Confidential billing rates for outside legal counsel.​

Analyzing the Low $5,000 Valuation

You might wonder why such a massive 18.3 GB archive lists for only $5,000. In the cybercriminal underground, pricing often reflects the immediate “cash-out” value of the data.​

  • Niche Value: Unlike credit card dumps which criminals can monetize instantly, legal documents require time to analyze and exploit.
  • Quick Sale: The attacker may prefer a fast transaction over negotiating higher prices for intellectual property.
  • Verification: A lower price point can sometimes attract more buyers who want to verify the data’s authenticity without significant financial risk.

Strategic Implications and Risks

If “zestix” indeed holds this data, the primary risk shifts to customers currently in legal disputes with Mercedes-Benz. Opposing counsel or fraudsters could theoretically purchase this data to understand Mercedes’ defense playbooks or settlement thresholds. Furthermore, the exposed vendor banking details could facilitate sophisticated invoice fraud against the company’s partners.​

Advisor Recommendation

We advise corporate security teams to monitor for unusual vendor communication changes. Individuals involved in warranty claims with MBUSA should remain vigilant against phishing attempts that reference specific case details, as this information is no longer private.​