Cyber Security News

Akira Ransomware Allegedly Claims Theft of 23GB in Apache OpenOffice Breach

The notorious Akira ransomware group announced on October 29, 2025, that it successfully breached the systems of Apache OpenOffice, exfiltrating a staggering 23 gigabytes of sensitive corporate data.

The group, known for its aggressive double-extortion tactics, posted details on its dark web leak site, threatening to release the information unless a ransom is paid. This incident underscores the escalating risks facing even non-profit software foundations in an era of sophisticated cyber threats.

Apache OpenOffice, a cornerstone of free office productivity tools developed under the Apache Software Foundation, has long served as an accessible alternative to proprietary suites like Microsoft Office.

The software includes Writer for word processing, Calc for spreadsheets, Impress for presentations, Draw for vector graphics, Base for databases, and Math for formulas, supporting over 110 languages across Windows, Linux, and macOS platforms.

With millions of users worldwide, including in education and small businesses, the project relies on volunteer contributors and community funding. The alleged breach does not appear to compromise the public download servers, leaving end-users’ installations safe for now.

Details of the Alleged Breach

According to Akira’s post, the stolen data encompasses highly personal employee records, including physical addresses, phone numbers, dates of birth, driver’s licenses, Social Security numbers, and credit card details.

Financial records, internal confidential documents, and extensive reports detailing application bugs and development issues are also purportedly included in the haul.

The group boasted, “We will upload 23 GB of corporate documents soon,” highlighting the breadth of the intrusion into the foundation’s operational backbone.

As of November 1, 2025, the Apache Software Foundation has neither confirmed nor denied the breach, with spokespeople declining immediate comment to cybersecurity outlets.

Independent verification remains elusive, raising questions about whether the data is fresh or repurposed from prior leaks. If authentic, the exposure could fuel identity theft and phishing campaigns targeting staff, though the open-source nature of OpenOffice limits direct risks to the software’s codebase.

Akira, a ransomware-as-a-service operation that surfaced in March 2023, has amassed tens of millions in ransoms through hundreds of attacks across the U.S., Europe, and beyond.

Specializing in data exfiltration before encryption, the group deploys variants for Windows and Linux/ESXi environments, even hacking victim webcams for added leverage.

Communicating in Russian on underground forums, Akira notably spares systems with Russian keyboard layouts, hinting at geopolitical selectivity.

This incident comes during a rise in ransomware attacks targeting open-source projects, leading to calls for enhanced security in volunteer-driven ecosystems.

Organizations using Apache OpenOffice are advised to monitor for unusual activity and ensure data backups are isolated. As Akira’s listing persists without resolution, the cybersecurity world watches closely for proof—or fallout—that could reshape trust in collaborative software development.

Guru Baran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
