Open-Source Security Threatened: Akira Ransomware Steals 23GB from OpenOffice
It has been revealed that on October 29, 2025, a ransomware attack targeted Apache OpenOffice, an open-source productivity suite. Approximately 23 gigabytes of the company’s internal data were reportedly stolen. The cybercriminal group behind the attack, known as the Akira Ransomware Group, has claimed responsibility. Due to this incident, many organizations are now under pressure and concerned about potential risks.
What has Akira Ransomware claimed?
According to messages posted on the group’s dark-web leak site, the Akira group stated:
“Our hackers accessed the Apache OpenOffice system and stole their corporate files and some business transaction files. The files stolen are 23GB in size.”
They also claimed that they have made demands from the company. If the company meets those demands, the stolen data will be returned. Otherwise, the group says they will publish the entire dataset online. Public exposure of the data could cause serious damage to the company. The attackers also implied that rival companies or malicious parties could exploit the leaked information.
What the stolen data may include
- Employee personal data such as physical addresses, phone numbers, dates of birth, driver’s licenses, and Social Security numbers.
- Credit-card information, internal financial records, and confidential documents .
- Development and bug-report files from the software project, suggesting access to the operational backbone of the open-source system .
Who are the people affected by this attack by Akira Ransomware ?
The Akira group has targeted the Apache Software Foundation’s OpenOffice project, which provides a free office-suite alternative (Writer, Spreadsheets, Presentations, etc.) widely used on Windows, Linux, and macOS platforms. The project also benefits many third-party users.
There is no verified list of employees or contributors affected. However, if their personal information has been stolen and later leaked on the dark web, those individuals could be at significant risk.
You can also follow us on X for news updates.
Apache OpenOffice is showing the validation and response status.
The attack occurred on October 29, and today is November 1. The Apache Software Foundation has not yet made any public statements and has declined to comment to the press.
Since the information comes directly from the Akira group’s dark-web leak site, confirming the details remains difficult. There is a possibility that:
- The attackers could be bluffing
- The data may be old or taken from previous breaches
- The actual extent of the breach may differ from the claim
If the claim of 23GB of stolen data is accurate, it poses a serious concern for Apache OpenOffice, especially since many organizations rely on open-source infrastructure that may lack enterprise-level security.
What is the importance of Apache OpenOffice?
1. Open-source projects as targets
Open-source software is often considered secure due to transparency, but this incident shows that organizations operating these projects are still vulnerable. Being open-source makes work easier for users — but also potentially easier for attackers to study and exploit.
2. Ransomware’s shifting targets
The Akira group is known for attacking large corporations, government agencies, and supply-chain networks. They have carried out several data-theft attacks in the past, showing that their targets are expanding beyond just big enterprises.
3.Technical considerations
Although the exact vulnerability used in the attack has not been disclosed, analysts note that Akira often exploits:
- Weak authentication protections
- VPN access with poor security
- Publicly-known network vulnerabilities
- Lateral movement strategies to reach high-value systems
What action will Apache Open Office take in the future?
Apache Software Foundation will need to identify which data the Akira group stole, determine which systems were affected, and investigate how the intrusion occurred.
If the stolen data is eventually published, security researchers may analyze the dump and share indicators of compromise (IOCs) to help organizations strengthen defenses and detect related threats.
The broader community may leverage this incident to call for increased funding, governance or cybersecurity maturity in open-source foundations, recognising that they are part of global infrastructure.
Organisations downstream from Apache OpenOffice (for example, those embedding or distributing the suite) may need to assess whether they had exposure, particularly if they use internal builds or customise the software.
