Talk to an expert
Talk to an expert

Luxury (IP & VIP protection)

Luxury companies, watchmaking, hospitality, UHNWIs

7.4 million Gucci customers. In the hands of ShinyHunters.

Kering, September 2025: ShinyHunters gained access as early as April, went unnoticed for two months, and exfiltrated 7.4 million profiles including amounts spent. LVMH the same week: Dior, Louis Vuitton, Tiffany — 419,000 customers. The houses’ reputation is worth more than their assets. Attackers know it.

1 M
Kering customers (Gucci, Balenciaga) exposed, ShinyHunters Sept. 2025
1 months
Duration of the attackers' undetected presence before any alert
$ 1 B
Global counterfeit trade 2025, ~60% of it in luxury
$ 1
Maximum spend of exposed Gucci customers, data sorted by estimated wealth

REPUTATION, HNWI DATA, AND INTELLECTUAL PROPERTY—THREE TARGETS IN A SINGLE HOUSE

Kering/LVMH profiles: the most valuable target in cybercrime
A luxury customer profile contains identity, addresses, purchase history, special occasions and amounts spent. This data enables ultra-targeted deepfake scams, planned burglaries, extortion, and sale to states. ShinyHunters sorts stolen databases by total purchases — to prioritize the wealthiest victims.
Salesforce shared across 10 houses: one vector, 10 victims
Every major luxury attack in 2025 went through third parties. Kering: Salesforce SSO portals via employee phishing. LVMH: a provider shared between Dior, LV and Tiffany. A single compromised vector can hit all the houses of a group at once.
Chanel formulas, Patek movements: irreplaceable secrets
APT groups have targeted Swiss watchmaking workshops to steal proprietary movement designs. The code of connected watches is the new exfiltration vector for the most precious know-how.
Anti-counterfeiting authentication systems: a new target
Compromising the verification code of the digital product passport (DPP) makes it possible to certify fakes indefinitely. Attacking the authentication system is worth more than copying the physical product.

OUR SERVICES

QREDTEAM

ADVERSARY SIMULATION

  • CRM and provider supply-chain Red Team — ShinyHunters/Scattered Spider simulation
  • Testing of SSO portals shared between houses of the same group
  • Ultra-targeted phishing simulation on HNWI clients from stolen data
  • Pentest of hotel PMS systems (Oracle Hospitality) — UHNWI stay data
  • Red Team of DPP platforms and blockchain anti-counterfeiting authentication systems.
Discover QRedTeam

QLAB

DEEP SECURITY RESEARCH

  • Audit of DPP and product-authentication systems — cryptographic robustness
  • Reverse engineering of luxury mobile apps — customer-data extraction vectors
  • Supply-chain audit of CRM and shared marketing-data providers
  • Firmware analysis of connected watches — attack interfaces
  • 0-day research on the houses’ e-commerce platforms and online boutiques.
Discover QLab

QSHIELD

SOFTWARE PROTECTION

  • Protection of DPP and anti-counterfeiting authentication system code
  • IP protection of algorithms embedded in connected watches
  • Anti-cloning for houses exporting connected products to high-counterfeiting markets
  • Obfuscation of the houses’ mobile-app code against reverse engineering
  • Protection of proprietary perfume-composition and formulation software code.
Discover QShield

DIFFERENTIATOR QUARKSLAB

Consulting firms will audit your GDPR policy after the incident. Quarkslab simulates the attack before: we reproduce exactly the TTPs of ShinyHunters on your Salesforce portals, of Scattered Spider on your support teams — and we audit the code of your DPP systems so they don’t become the vector that certifies your counterfeits.

WHAT WOULD WE SAY TO EACH OTHER, FACE TO FACE

Do your wealthiest clients know that their purchase profiles have just been sorted by amount spent on the dark web?

That’s the reality for 7.4 million Gucci customers since September 2025. ShinyHunters accessed Kering’s systems as early as April — and no one detected it for two months. The vector: a Salesforce SSO portal shared across the group’s houses, compromised via an employee phishing attack.

ShinyHunters TTPs on your real systems
We simulate exactly the techniques of ShinyHunters on your shared Salesforce portals — to identify your vulnerabilities before they do.
The shared provider is your highest risk
Your houses share technology providers. We audit them as if we were the attacker — with the goal of compromising as many as possible at once.
Your certificates of authenticity, tamper-proof
QShield protects your DPP code so it doesn't become the vector that certifies your counterfeits.
We understand your brand constraints
Luxury does not communicate about its incidents. Our confidentiality commitments are aligned with your reputation-protection imperatives.
 Our publications & CVEs
Protect your clients and your IP