βΌοΈ New Dark Web Informer Blog Post!
Title: Alleged Breach of Therapeutes Exposes 71,500 Patient Records and 199,000 Therapy Appointments From French Mental Health Platform
Link: https://darkwebinformer.com/alleged-breach-of-therapeutes-exposes-71-500-patient-records-and-199-000-therapy-appointments-from-french-mental-health-platform/
Title: Alleged Breach of Therapeutes Exposes 71,500 Patient Records and 199,000 Therapy Appointments From French Mental Health Platform
Link: https://darkwebinformer.com/alleged-breach-of-therapeutes-exposes-71-500-patient-records-and-199-000-therapy-appointments-from-french-mental-health-platform/
Dark Web Informer
Alleged Breach of Therapeutes Exposes 71,500 Patient Records and 199,000 Therapy Appointments From French Mental Health Platform
βΌοΈπΏπ¦ A threat actor claims to have extracted the database of the Gauteng Provincial Government, the official online portal for South Africa's Gauteng province.
The breach allegedly includes 3,673,565 files totaling 3.8 TB, containing government department details, public programs, healthcare, education, housing, and economic development data.
Price: $25,000.
The breach allegedly includes 3,673,565 files totaling 3.8 TB, containing government department details, public programs, healthcare, education, housing, and economic development data.
Price: $25,000.
β οΈ FBI Watchdog - HTTP Fingerprint Change β οΈ
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: b1ackstash.cc
Record Type: HTTP Fingerprint Change
Time Detected: 2026-03-13 17:00:38 UTC
Previous Records:
New Records:
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: b1ackstash.cc
Record Type: HTTP Fingerprint Change
Time Detected: 2026-03-13 17:00:38 UTC
Previous Records:
Status: 404
Body: 7a9b0a66124e
New Records:
Body hash: 7a9b0a66124e β c375e42b6328 (size: 555 β 153)
βΌοΈπΉπ· A threat actor has allegedly leaked the database of BaydΓΆner, one of Turkey's most popular restaurant chains, containing nearly 3.6 million unique records and over 201,000 order records.
The compromised data reportedly includes nearly 1.3 million unique email addresses, dates of birth, Turkish national identity numbers (TCKNs), names, phone numbers, plaintext passwords, physical addresses, geographic locations, and purchase details.
The compromised data reportedly includes nearly 1.3 million unique email addresses, dates of birth, Turkish national identity numbers (TCKNs), names, phone numbers, plaintext passwords, physical addresses, geographic locations, and purchase details.
βΌοΈπ¨π¦ A threat actor claims to have breached Loblaw, Canada's largest food and pharmacy retailer, threatening to publicly leak all data if the company does not respond by March 19th.
The allegedly exfiltrated data includes 75.1M Salesforce customer PII records, 724.9M Shoppers Drug Mart Hybris rows with payment info and credit card details, 129.9M pharmacy fill request records with prescription numbers and patient IDs, 120.4M e-commerce fraud-feed records, 20.2M Delivery Ops Portal rows, 3,014 GitLab projects with full source code, 19.3M Oracle IDCS user identity records, and 55.3M SFMC marketing/email records across 673 tables.
The threat actor accuses Loblaw of downplaying the breach and invites media organizations to verify the data's authenticity.
The allegedly exfiltrated data includes 75.1M Salesforce customer PII records, 724.9M Shoppers Drug Mart Hybris rows with payment info and credit card details, 129.9M pharmacy fill request records with prescription numbers and patient IDs, 120.4M e-commerce fraud-feed records, 20.2M Delivery Ops Portal rows, 3,014 GitLab projects with full source code, 19.3M Oracle IDCS user identity records, and 55.3M SFMC marketing/email records across 673 tables.
The threat actor accuses Loblaw of downplaying the breach and invites media organizations to verify the data's authenticity.
β οΈ FBI Watchdog - HTTP Fingerprint Change β οΈ
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: b1ackstash.cc
Record Type: HTTP Fingerprint Change
Time Detected: 2026-03-13 17:28:31 UTC
Previous Records:
New Records:
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: b1ackstash.cc
Record Type: HTTP Fingerprint Change
Time Detected: 2026-03-13 17:28:31 UTC
Previous Records:
Status: 404
Body: c375e42b6328
New Records:
Body hash: c375e42b6328 β 7a9b0a66124e (size: 153 β 555)
βΌοΈπ¨π΄ BlackShrantac Ransomware claims Nattivo Collection Hotel as a victim
Data contains: Financial docs, budgets, invoices, account info, hotel service databases, and customer data including passports and ID cards.
Data contains: Financial docs, budgets, invoices, account info, hotel service databases, and customer data including passports and ID cards.
π¨ FBI Watchdog - SEIZURE ESCALATION ALERT π¨
π DarkWebInformer.com - Cyber Threat Intelligence
Domain:
Triggered By: HTTP (Status code changed to 403)
Time Detected: 2026-03-13 17:40:40 UTC
π HTTP Fingerprint Changes:
π DarkWebInformer.com - Cyber Threat Intelligence
Domain:
offshore.cxTriggered By: HTTP (Status code changed to 403)
Time Detected: 2026-03-13 17:40:40 UTC
π HTTP Fingerprint Changes:
Status: 200 β 403
x-xss-protection: 1; mode=block β None
x-content-type-options: nosniff β None
x-frame-options: SAMEORIGIN β None
Body hash: c15114f948ad β e478c00442ca (size: 58,704 β 1,483)
πͺ Slice For Life πͺ
π¨ FBI Watchdog - SEIZURE ESCALATION ALERT π¨ π DarkWebInformer.com - Cyber Threat Intelligence Domain: offshore.cx Triggered By: HTTP (Status code changed to 403) Time Detected: 2026-03-13 17:40:40 UTC π HTTP Fingerprint Changes: Status: 200 β 403 x-xssβ¦
I think he is updating the site. the site provides information on different hosts, email, etc to use for privacy
the body hash will do a check for size. i think its something like a 35% change or higher and it will notify
Edit: body_changed = size_ratio > 0.35
Edit: body_changed = size_ratio > 0.35
β οΈ FBI Watchdog - HTTP Fingerprint Change β οΈ
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: offshore.cx
Record Type: HTTP Fingerprint Change
Time Detected: 2026-03-13 18:07:31 UTC
Previous Records:
New Records:
π DarkWebInformer.com - Cyber Threat Intelligence
Domain: offshore.cx
Record Type: HTTP Fingerprint Change
Time Detected: 2026-03-13 18:07:31 UTC
Previous Records:
Status: 403
Body: e478c00442ca
New Records:
Status: 403 β 200
Body hash: e478c00442ca β aae643f5235e (size: 1,483 β 58,704)
βΌοΈπ¦πΊ A threat actor is allegedly selling the database of Phonebot, an Australian retailer of refurbished and pre-owned electronics founded in 2012 in Melbourne, Victoria, containing 200K+ customer records.
The breached data reportedly includes customer IDs, full names, emails, phone numbers, fax numbers, passwords (MD5 hashed), IP addresses, platform details, two-factor status, Google IDs, reward points, and newsletter/marketing preferences.
The breached data reportedly includes customer IDs, full names, emails, phone numbers, fax numbers, passwords (MD5 hashed), IP addresses, platform details, two-factor status, Google IDs, reward points, and newsletter/marketing preferences.
βΌοΈ DOJ Press Release
βββββββββββββββββββββ
Adobe Agrees to $150 Million Settlement and Injunction to Resolve Alleged Violations of the Restore Online Shoppersβ Confidence Act
Full Press Release β justice.gov
βββββββββββββββββββββ
π΅οΈ Dark Web Informer β’ DOJ Monitor
βββββββββββββββββββββ
Adobe Agrees to $150 Million Settlement and Injunction to Resolve Alleged Violations of the Restore Online Shoppersβ Confidence Act
Full Press Release β justice.gov
βββββββββββββββββββββ
π΅οΈ Dark Web Informer β’ DOJ Monitor
www.justice.gov
Adobe Agrees to $150 Million Settlement and Injunction to Resolve
The Justice Department announced that it has filed a proposed stipulated order that, if entered by the court, will resolve a case against software company Adobe Inc. and two of its employees, Maninder Sawhney and David Wadhwani. The proposed order requiresβ¦
βΌοΈπΊπΈ A threat actor has allegedly leaked the database of TLDR.Tech, a popular tech newsletter, exposing over 1.2 million unique users.
The compromised data reportedly includes emails, full names, phone numbers, LinkedIn URLs and identifiers, company details (name, industry, employee count, headquarters, website), education history, position history, skills, seniority, departments, and photo URLs.
The compromised data reportedly includes emails, full names, phone numbers, LinkedIn URLs and identifiers, company details (name, industry, employee count, headquarters, website), education history, position history, skills, seniority, departments, and photo URLs.