๐จ๐ฎ๐ฉ LSP Telematika allegedly breached: 14GB+ certification database exposed from Indonesian IT professional records
A threat actor claims to be selling a database tied to LSP Telematika, an Indonesian professional certification body for information technology. The actor alleges the exposed dataset contains tens of thousands of records involving assessors and assessees, along with private conversations, decree documents, and company files.
โโโโโโโโโโโโโโโโโโโโ
Target: LSP Telematika
Sector: Professional Certification / Information Technology
Incident: Database Leak
Exposure: 14GB+
Actor: Kyyzo
Country: Indonesia
Date: 16/05/2026
โโโโโโโโโโโโโโโโโโโโ
Whatโs allegedly included:
โช๏ธ Assessee records from certification database tables
โช๏ธ Assessor personal data and profile information
โช๏ธ Registration numbers and certification-related identifiers
โช๏ธ Names, birthplaces, birth dates, ages, and email fields
โช๏ธ Phone numbers, identity number fields, and address-related data
โช๏ธ Private conversations and decree-related documents
โช๏ธ Personal company document files linked to certification activity
Potential impact:
The exposed data could be used for identity theft, phishing, credential targeting, impersonation, and social engineering against Indonesian IT certification participants and assessors.
Status:
Unverified underground forum claim. The actor posted database samples and described the release as part of an extortion-driven follow-up leak.
Stop guessing what's redacted. Subscribers see everything โ darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to be selling a database tied to LSP Telematika, an Indonesian professional certification body for information technology. The actor alleges the exposed dataset contains tens of thousands of records involving assessors and assessees, along with private conversations, decree documents, and company files.
โโโโโโโโโโโโโโโโโโโโ
Target: LSP Telematika
Sector: Professional Certification / Information Technology
Incident: Database Leak
Exposure: 14GB+
Actor: Kyyzo
Country: Indonesia
Date: 16/05/2026
โโโโโโโโโโโโโโโโโโโโ
Whatโs allegedly included:
โช๏ธ Assessee records from certification database tables
โช๏ธ Assessor personal data and profile information
โช๏ธ Registration numbers and certification-related identifiers
โช๏ธ Names, birthplaces, birth dates, ages, and email fields
โช๏ธ Phone numbers, identity number fields, and address-related data
โช๏ธ Private conversations and decree-related documents
โช๏ธ Personal company document files linked to certification activity
Potential impact:
The exposed data could be used for identity theft, phishing, credential targeting, impersonation, and social engineering against Indonesian IT certification participants and assessors.
Status:
Unverified underground forum claim. The actor posted database samples and described the release as part of an extortion-driven follow-up leak.
Stop guessing what's redacted. Subscribers see everything โ darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
๐จGoblin Refund Service advertised: Amazon and Apple refund fraud service promoted on underground forum
A threat actor is advertising โGoblin Refund Service,โ a refund fraud operation claiming to support Amazon and Apple refund requests through a Telegram-based service.
โโโโโโโโโโโโโโโโโโโโ
Service: Goblin Refund Service
Sector: Retail Fraud / Refund Abuse
Incident: Fraud Service Advertisement
Exposure: Refund scam operation
Actor: Gr33nGoblin
Country: Unknown / Global
Date: 16/05/2026
โโโโโโโโโโโโโโโโโโโโ
Whatโs being advertised:
โช๏ธ Amazon and Apple refund fraud services
โช๏ธ Claimed support for customers across Europe and America
โช๏ธ Telegram-based ordering and communication
โช๏ธ Flexible terms and support channels
โช๏ธ A step-by-step service flow involving order placement, refund processing, and fee payment
โช๏ธ Cryptocurrency payment options shown in the promotional material
Potential impact:
Refund fraud services can cause financial losses for retailers, abuse customer service workflows, and enable organized e-commerce fraud across major platforms.
Status:
Underground forum advertisement. The actor posted branded promotional graphics and directs interested users to an external messaging channel.
Stop guessing what's redacted. Subscribers see everything โ darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor is advertising โGoblin Refund Service,โ a refund fraud operation claiming to support Amazon and Apple refund requests through a Telegram-based service.
โโโโโโโโโโโโโโโโโโโโ
Service: Goblin Refund Service
Sector: Retail Fraud / Refund Abuse
Incident: Fraud Service Advertisement
Exposure: Refund scam operation
Actor: Gr33nGoblin
Country: Unknown / Global
Date: 16/05/2026
โโโโโโโโโโโโโโโโโโโโ
Whatโs being advertised:
โช๏ธ Amazon and Apple refund fraud services
โช๏ธ Claimed support for customers across Europe and America
โช๏ธ Telegram-based ordering and communication
โช๏ธ Flexible terms and support channels
โช๏ธ A step-by-step service flow involving order placement, refund processing, and fee payment
โช๏ธ Cryptocurrency payment options shown in the promotional material
Potential impact:
Refund fraud services can cause financial losses for retailers, abuse customer service workflows, and enable organized e-commerce fraud across major platforms.
Status:
Underground forum advertisement. The actor posted branded promotional graphics and directs interested users to an external messaging channel.
Stop guessing what's redacted. Subscribers see everything โ darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
๐จ๐ซ๐ท Norauto allegedly breached: 522MB customer database exposed from French automotive service records
A threat actor claims to have leaked a database tied to Norauto, a European automotive service and equipment company specializing in car maintenance, repairs, tire fitting, auto parts, and accessories.
โโโโโโโโโโโโโโโโโโโโ
Target: Norauto
Sector: Automotive Services / Retail / Customer Data
Incident: Database Leak
Exposure: 522MB
Actor: shitanus
Country: France
Date: 16/05/2026
โโโโโโโโโโโโโโโโโโโโ
Whatโs allegedly included:
โช๏ธ Customer database records allegedly linked to Norauto
โช๏ธ Customer names and profile identifiers
โช๏ธ Email addresses and phone number fields
โช๏ธ Address records including city, country, and postal code fields
โช๏ธ Customer ID and account-related metadata
โช๏ธ Antifraud scoring and validation status fields
โช๏ธ Custom customer fields referencing loyalty and identity-related labels
โช๏ธ Rental or store-related account activity metadata
Potential impact:
The exposed data could be used for phishing, customer impersonation, loyalty fraud, targeted scams, and social engineering against Norauto customers.
Status:
Unverified underground forum claim. The actor posted structured JSON samples and claims the download is locked behind paid forum access.
Stop guessing what's redacted. Subscribers see everything โ darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have leaked a database tied to Norauto, a European automotive service and equipment company specializing in car maintenance, repairs, tire fitting, auto parts, and accessories.
โโโโโโโโโโโโโโโโโโโโ
Target: Norauto
Sector: Automotive Services / Retail / Customer Data
Incident: Database Leak
Exposure: 522MB
Actor: shitanus
Country: France
Date: 16/05/2026
โโโโโโโโโโโโโโโโโโโโ
Whatโs allegedly included:
โช๏ธ Customer database records allegedly linked to Norauto
โช๏ธ Customer names and profile identifiers
โช๏ธ Email addresses and phone number fields
โช๏ธ Address records including city, country, and postal code fields
โช๏ธ Customer ID and account-related metadata
โช๏ธ Antifraud scoring and validation status fields
โช๏ธ Custom customer fields referencing loyalty and identity-related labels
โช๏ธ Rental or store-related account activity metadata
Potential impact:
The exposed data could be used for phishing, customer impersonation, loyalty fraud, targeted scams, and social engineering against Norauto customers.
Status:
Unverified underground forum claim. The actor posted structured JSON samples and claims the download is locked behind paid forum access.
Stop guessing what's redacted. Subscribers see everything โ darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
๐จ๐ฐ๐ช Land Surveyors Board of Kenya allegedly breached: licensed surveyor and assistant records exposed from government regulatory database
A threat actor claims to have breached the Land Surveyors Board of Kenya, the official Kenyan government regulatory body responsible for licensing land surveyors across the Republic of Kenya.
โโโโโโโโโโโโโโโโโโโโ
Target: Land Surveyors Board of Kenya
Sector: Government / Professional Licensing / Land Surveying
Incident: Data Breach
Exposure: 175 licensed surveyors and 730 approved survey assistants
Actor: cc5ab
Country: Kenya
Date: 16/05/2026
โโโโโโโโโโโโโโโโโโโโ
Whatโs allegedly included:
โช๏ธ Licensed surveyor records for the 2026 licensing year
โช๏ธ Full names and professional licensing status fields
โช๏ธ Personal email and postal address fields
โช๏ธ Firm or company names linked to licensed surveyors
โช๏ธ License numbers and active/inactive status records
โช๏ธ Approved survey assistant records and registration details
โช๏ธ Verification endpoint data containing additional identity and profile-related fields
Potential impact:
The exposed data could be used for impersonation, targeted phishing, licensing fraud, and social engineering against surveyors, assistants, firms, and regulatory contacts.
Status:
Unverified underground forum claim. The actor posted a summary of exposed data and claims additional API and administrative access details were included.
Stop guessing what's redacted. Subscribers see everything โ darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have breached the Land Surveyors Board of Kenya, the official Kenyan government regulatory body responsible for licensing land surveyors across the Republic of Kenya.
โโโโโโโโโโโโโโโโโโโโ
Target: Land Surveyors Board of Kenya
Sector: Government / Professional Licensing / Land Surveying
Incident: Data Breach
Exposure: 175 licensed surveyors and 730 approved survey assistants
Actor: cc5ab
Country: Kenya
Date: 16/05/2026
โโโโโโโโโโโโโโโโโโโโ
Whatโs allegedly included:
โช๏ธ Licensed surveyor records for the 2026 licensing year
โช๏ธ Full names and professional licensing status fields
โช๏ธ Personal email and postal address fields
โช๏ธ Firm or company names linked to licensed surveyors
โช๏ธ License numbers and active/inactive status records
โช๏ธ Approved survey assistant records and registration details
โช๏ธ Verification endpoint data containing additional identity and profile-related fields
Potential impact:
The exposed data could be used for impersonation, targeted phishing, licensing fraud, and social engineering against surveyors, assistants, firms, and regulatory contacts.
Status:
Unverified underground forum claim. The actor posted a summary of exposed data and claims additional API and administrative access details were included.
Stop guessing what's redacted. Subscribers see everything โ darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
๐ช Slice For Life - Part 2 ๐ช
I will be adding a "Chatter" category just above where the pagination bar is with the other categories in a couple of hours on the threat feed. Be sure to update your notifications after it starts providing posts if you don't want to see/hear the noise. _โฆ
I'm testing this out with Dread. Right now the only issue is loading the CSS properly. Its not a Tor issue. Once it looks solid for 24 hours or so we move on to the next.
This media is not supported in your browser
VIEW IN TELEGRAM
RDP Stealer with Windows Defender Bypass
Video credit: youtube.com/@digitaldefenders76
________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
Video credit: youtube.com/@digitaldefenders76
________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
โค2
๐จ๐ฏ๐ต Okinawa Tourist Service allegedly breached: 600K+ customer records and ID document images advertised for sale
A threat actor claims to be selling customer data tied to Okinawa Tourist Service, a Japan-based travel and transportation company operating rental car and tourism services.
โโโโโโโโโโโโโโโโโโโโ
Target: Okinawa Tourist Service
Sector: Travel / Transportation / Car Rental
Incident: Data Leak / Sale
Exposure: 600K+ customer records and 4,371 ID card image records
Actor: sexybroker
Country: Japan
Date: 17/05/2026
โโโโโโโโโโโโโโโโโโโโ
Whatโs allegedly included:
โช๏ธ Customer records allegedly linked to Okinawa Tourist Service
โช๏ธ Names, kana fields, gender, and birth date data
โช๏ธ Address, ZIP/postal code, telephone, and email fields
โช๏ธ Age and social media-related profile fields
โช๏ธ Driver license numbers and license issue/expiration dates
โช๏ธ Driver license image references and front/back ID card scans
โช๏ธ CSV customer member database and image archive samples
Potential impact:
The exposed data could be used for identity theft, travel fraud, account impersonation, phishing, and targeted scams against rental car and tourism customers.
Status:
Unverified underground forum sale listing. The actor posted sample customer fields, archive counts, and driver license image previews as proof.
Stop guessing what's redacted. Subscribers see everything โ darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to be selling customer data tied to Okinawa Tourist Service, a Japan-based travel and transportation company operating rental car and tourism services.
โโโโโโโโโโโโโโโโโโโโ
Target: Okinawa Tourist Service
Sector: Travel / Transportation / Car Rental
Incident: Data Leak / Sale
Exposure: 600K+ customer records and 4,371 ID card image records
Actor: sexybroker
Country: Japan
Date: 17/05/2026
โโโโโโโโโโโโโโโโโโโโ
Whatโs allegedly included:
โช๏ธ Customer records allegedly linked to Okinawa Tourist Service
โช๏ธ Names, kana fields, gender, and birth date data
โช๏ธ Address, ZIP/postal code, telephone, and email fields
โช๏ธ Age and social media-related profile fields
โช๏ธ Driver license numbers and license issue/expiration dates
โช๏ธ Driver license image references and front/back ID card scans
โช๏ธ CSV customer member database and image archive samples
Potential impact:
The exposed data could be used for identity theft, travel fraud, account impersonation, phishing, and targeted scams against rental car and tourism customers.
Status:
Unverified underground forum sale listing. The actor posted sample customer fields, archive counts, and driver license image previews as proof.
Stop guessing what's redacted. Subscribers see everything โ darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations