Apache OpenOffice Allegedly Breached by Akira Ransomware Group, 23GB of Data at Risk
On October 29, 2025, the Akira ransomware group announced a significant breach of Apache OpenOffice’s systems, claiming to have exfiltrated 23 gigabytes of sensitive corporate data. This incident highlights the increasing vulnerability of non-profit software foundations to sophisticated cyber threats.
Apache OpenOffice Overview
Apache OpenOffice is a widely-used, free office productivity suite developed by the Apache Software Foundation. It offers applications such as Writer for word processing, Calc for spreadsheets, Impress for presentations, Draw for vector graphics, Base for databases, and Math for formulas. Supporting over 110 languages and compatible with Windows, Linux, and macOS platforms, OpenOffice serves millions of users globally, including educational institutions and small businesses. The project relies heavily on volunteer contributions and community funding.
Details of the Alleged Breach
According to Akira’s dark web leak site, the stolen data includes:
– Employee personal information: physical addresses, phone numbers, dates of birth, driver’s licenses, Social Security numbers, and credit card details.
– Financial records and confidential internal documents.
– Comprehensive reports on application bugs and development issues.
The group has threatened to release the data unless a ransom is paid, stating, We will upload 23 GB of corporate documents soon.
Apache Software Foundation’s Response
As of November 1, 2025, the Apache Software Foundation has not confirmed or denied the breach. Spokespersons have declined immediate comments to cybersecurity outlets. Independent verification of the breach remains pending, raising questions about the authenticity and recency of the data. If the breach is genuine, it could lead to identity theft and phishing attacks targeting staff members. However, the open-source nature of OpenOffice suggests limited direct risks to the software’s codebase.
About the Akira Ransomware Group
Emerging in March 2023, Akira operates as a ransomware-as-a-service entity. The group has accumulated tens of millions in ransoms through numerous attacks across the U.S., Europe, and other regions. Akira specializes in data exfiltration prior to encryption and has been known to hack victim webcams for additional leverage. Communicating in Russian on underground forums, the group notably avoids systems with Russian keyboard layouts, indicating possible geopolitical considerations.
Implications for Open-Source Projects
This incident underscores a growing trend of ransomware attacks targeting open-source projects. It calls for enhanced security measures within volunteer-driven ecosystems. Organizations utilizing Apache OpenOffice are advised to:
– Monitor for unusual activity.
– Ensure data backups are isolated and secure.
As the situation develops, the cybersecurity community remains vigilant for further evidence or repercussions that could impact trust in collaborative software development.
