Akira Ransomware reports about an Apache OpenOffice Breach that resulted in 23GB Theft
Akira Ransomware reports about an Apache OpenOffice Breach that resulted in 23GB Theft
On October 29, 2025, the well-known ransomware gang Akira declared that it had successfully infiltrated Apache OpenOffice’s computers and taken 23 gigabytes of private company information.
Known for using harsh double-extortion techniques, the organization uploaded information on its dark web leak website and threatened to remove it unless a ransom was paid. In an age of advanced cyberthreats, this incident highlights the growing hazards that even nonprofit software foundations must contend with.
For many years, Apache OpenOffice, a mainstay of free office productivity tools created by the Apache Software Foundation, has been a readily available substitute for expensive suites like Microsoft Office.
The program supports more than 110 languages on Windows, Linux, and macOS platforms and comes with Writer for word processing, Calc for spreadsheets, Impress for presentations, Draw for vector drawings, Base for databases, and Math for formulae.
The initiative, which has millions of users globally, including in small enterprises and education, depends on community finance and volunteer contributions. For the time being, end users’ installs are safe because the purported breach doesn’t seem to jeopardize the public download servers.
Details of the Alleged Breach
The stolen information includes extremely private personal records, such as physical addresses, phone numbers, dates of birth, driver’s licenses, Social Security numbers, and credit card information, according to Akira’s tweet.
Additionally, allegedly included in the haul are financial information, internal secret documents, and comprehensive reports outlining development challenges and application bugs.
“We will upload 23 GB of corporate documents soon,” the gang boasted, underscoring the extent of the penetration into the foundation’s core business operations.
The Apache Software Foundation has not verified or disputed the incident as of November 1, 2025, and representatives have declined to speak to cybersecurity outlets right away.
There is still no independent confirmation, which begs the question of whether the data is new or recycled from earlier disclosures. Although OpenOffice’s open-source nature reduces direct dangers to the software’s codebase, if genuine, the vulnerability could encourage identity theft and phishing attacks directed at employees.
Since its emergence in March 2023, the ransomware-as-a-service organization Akira has launched hundreds of attacks throughout the United States, Europe, and other countries, resulting in tens of millions of ransom.
The organization uses variations for Windows and Linux/ESXi settings, specializing in data exfiltration prior to encryption. For extra leverage, they also attack victim cameras.
In an apparent indication of geopolitical selectivity, Akira significantly avoids systems with Russian keyboard layouts when communicating in Russian on underground forums.
There have been requests for increased security in volunteer-driven ecosystems as a result of the surge in ransomware attacks that target open-source projects.
It is recommended that organizations that use Apache OpenOffice keep an eye out for odd activities and make sure that data backups are separated. The cybersecurity community keeps a watchful eye out for evidence—or repercussions—that could change people’s perceptions of collaborative software development as Akira’s listing continues unresolved.
About the Author:
Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blogs, he also writes for brands including Craw Security, Bytecode Security, and NASSCOM.
Read More:
Red Hat Summit Connect 2025 : Executive Exchange
About Author
English