‼️ Blackwater Ransomware Chat Portal:
http://6t5g73fbzdjuhvvovuvuhc4mdgefrwn75szssx4ftqzxyuacdij47pad[.]onion
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
http://6t5g73fbzdjuhvvovuvuhc4mdgefrwn75szssx4ftqzxyuacdij47pad[.]onion
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
❤1
Forwarded from FBI Watchdog Alerts by Dark Web Informer
⚠️ FBI Watchdog - IP Change (hosting migration) ⚠️
🔗 DarkWebInformer.com - Cyber Threat Intelligence
Domain: pwnforums.st
Record Type: IP Change (hosting migration)
Time Detected: 2026-05-06 03:17:23 UTC
Previous Records:
New Records:
🔗 DarkWebInformer.com - Cyber Threat Intelligence
Domain: pwnforums.st
Record Type: IP Change (hosting migration)
Time Detected: 2026-05-06 03:17:23 UTC
Previous Records:
A: 91.107.246.200
AAAA:
New Records:
A: 91.107.246.200 → 104.194.133.190
rDNS: 104.194.133.190 → 190.133.194.104.static.cloudzy.com
Classification: Complete IP replacement - likely hosting migration
‼️TomodachiShare allegedly exposing 145K user accounts
The actor TheAnonymousShipper has shared a dataset containing emails, nicknames, descriptions, and profile photos from accounts created on TomodachiShare.com, a fan community site centered on the Tomodachi Life game.
Post details:
▸ Actor: TheAnonymousShipper
▸ Sector: Online Community / Gaming
▸ Type: Data Leak
▸ Records: ~145,000
▸ Price: Free
Compromised data:
▪️ User ID
▪️ Account name
▪️ Email address
▪️ Email verification status
▪️ Profile image / avatar URL
▪️ Profile description
▪️ Account creation timestamp
▪️ Last update timestamp
▪️ Image last-updated timestamp
▪️ Likes count
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
The actor TheAnonymousShipper has shared a dataset containing emails, nicknames, descriptions, and profile photos from accounts created on TomodachiShare.com, a fan community site centered on the Tomodachi Life game.
Post details:
▸ Actor: TheAnonymousShipper
▸ Sector: Online Community / Gaming
▸ Type: Data Leak
▸ Records: ~145,000
▸ Price: Free
Compromised data:
▪️ User ID
▪️ Account name
▪️ Email address
▪️ Email verification status
▪️ Profile image / avatar URL
▪️ Profile description
▪️ Account creation timestamp
▪️ Last update timestamp
▪️ Image last-updated timestamp
▪️ Likes count
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
❤1
‼️🇫🇷 CAF (Caisse d'Allocations Familiales) allegedly breached exposing 22 million records
The actor eztocard has shared a 15.35 GB JSON dataset claimed to originate from CAF, France's family allowance fund agency. Sample records include extensive personal, demographic, and administrative data on individual beneficiaries.
Post details:
▸ Actor: eztocard
▸ Sector: Government / Social Services
▸ Type: Data Leak
▸ Format: JSON (15.35 GB, file: a.json)
▸ Records: ~22,000,000
▸ Price: Free
Compromised data:
▪️ Internal IDs (id, id_psp)
▪️ Full name, first name, title (Mr/Mrs)
▪️ Date of birth
▪️ Gender
▪️ Email address
▪️ Phone number
▪️ Matricule (registration number)
▪️ Organisation code & affiliation (CAF)
▪️ Beneficiary status & situation
▪️ Full postal address (street, number, postal code, INSEE code, commune)
▪️ Address complement
▪️ Exercise ID & validation status
▪️ Document UUID & rejection flag
▪️ Account creation & update timestamps
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
The actor eztocard has shared a 15.35 GB JSON dataset claimed to originate from CAF, France's family allowance fund agency. Sample records include extensive personal, demographic, and administrative data on individual beneficiaries.
Post details:
▸ Actor: eztocard
▸ Sector: Government / Social Services
▸ Type: Data Leak
▸ Format: JSON (15.35 GB, file: a.json)
▸ Records: ~22,000,000
▸ Price: Free
Compromised data:
▪️ Internal IDs (id, id_psp)
▪️ Full name, first name, title (Mr/Mrs)
▪️ Date of birth
▪️ Gender
▪️ Email address
▪️ Phone number
▪️ Matricule (registration number)
▪️ Organisation code & affiliation (CAF)
▪️ Beneficiary status & situation
▪️ Full postal address (street, number, postal code, INSEE code, commune)
▪️ Address complement
▪️ Exercise ID & validation status
▪️ Document UUID & rejection flag
▪️ Account creation & update timestamps
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️🇭🇰 KGI (kgi.com.hk) allegedly breached exposing 5M+ Hong Kong stock investor records
The actor FuckSpy is offering a database claimed to originate from KGI, a Hong Kong-based stock investment and brokerage firm. The dataset includes investor contact details and granular trading activity, with the price set as negotiable.
Post details:
▸ Actor: FuckSpy
▸ Sector: Finance / Brokerage
▸ Type: Data Sale
▸ Records: 5,000,000+ unique rows
▸ Leaked Date: 2026
▸ Price: Negotiable
Compromised data:
▪️ Email address
▪️ Phone number
▪️ Stock name
▪️ Stock code
▪️ Rise / fall percentage
▪️ Maximum & minimum values
▪️ Trade volume
▪️ Trade amount
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
The actor FuckSpy is offering a database claimed to originate from KGI, a Hong Kong-based stock investment and brokerage firm. The dataset includes investor contact details and granular trading activity, with the price set as negotiable.
Post details:
▸ Actor: FuckSpy
▸ Sector: Finance / Brokerage
▸ Type: Data Sale
▸ Records: 5,000,000+ unique rows
▸ Leaked Date: 2026
▸ Price: Negotiable
Compromised data:
▪️ Email address
▪️ Phone number
▪️ Stock name
▪️ Stock code
▪️ Rise / fall percentage
▪️ Maximum & minimum values
▪️ Trade volume
▪️ Trade amount
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️🇨🇦 Croesus (croesus.com) allegedly breached exposing 19,220 Canadian user records
The actor moxzey is selling a database claimed to originate from Croesus, a Canadian financial software provider serving the wealth management industry. The dataset is being offered for $250.
Post details:
▸ Actor: moxzey
▸ Sector: Finance / Wealth Management Software
▸ Type: Data Sale
▸ Records: 19,220
▸ Format: CSV
▸ Leaked Date: 1 May 2026
▸ Price: $250
Compromised data:
▪️ Full name
▪️ Phone number
▪️ Address
▪️ City
▪️ Zip / postal code
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
The actor moxzey is selling a database claimed to originate from Croesus, a Canadian financial software provider serving the wealth management industry. The dataset is being offered for $250.
Post details:
▸ Actor: moxzey
▸ Sector: Finance / Wealth Management Software
▸ Type: Data Sale
▸ Records: 19,220
▸ Format: CSV
▸ Leaked Date: 1 May 2026
▸ Price: $250
Compromised data:
▪️ Full name
▪️ Phone number
▪️ Address
▪️ City
▪️ Zip / postal code
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️🇧🇷 IUNGO Cloud (iungo.cloud) allegedly leaked exposing 21M corporate email addresses
The actor Fronx is releasing a list of 21,997,000 unique email addresses claimed to originate from IUNGO Cloud, a Brazilian cloud-telephony operator providing hosted PBX, virtual extensions, and contact center services to SMBs and enterprises. The actor states the full 73 GiB portabilling database remains up for sale separately.
Post details:
▸ Actor: Fronx
▸ Sector: Cloud Telephony / SaaS Communications
▸ Type: Data Leak (partial release)
▸ Records: 21,997,000 unique email addresses
▸ Price: 10 forum points
Compromised data:
▪️ Corporate email addresses
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
The actor Fronx is releasing a list of 21,997,000 unique email addresses claimed to originate from IUNGO Cloud, a Brazilian cloud-telephony operator providing hosted PBX, virtual extensions, and contact center services to SMBs and enterprises. The actor states the full 73 GiB portabilling database remains up for sale separately.
Post details:
▸ Actor: Fronx
▸ Sector: Cloud Telephony / SaaS Communications
▸ Type: Data Leak (partial release)
▸ Records: 21,997,000 unique email addresses
▸ Price: 10 forum points
Compromised data:
▪️ Corporate email addresses
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️🇪🇪 Määrdekeskus allegedly breached exposing customer and affiliate records from the Estonian lubricant retailer
A threat actor claims to have breached Määrdekeskus (maardekeskus.ee), an Estonian lubricant and oil retailer serving the Maardu area, and shared the database on a hacking forum. The post states the leak contains 174 tables including 4,108 customer records and 127 affiliate records with hashed credentials and banking details.
Post details:
▸ Actor(s): NightBroker
▸ Sector: Retail / Automotive (lubricants & oil)
▸ Type: Data Leak
▸ Format: SQL, 119MB (1 file, 174 tables)
▸ Price: 4 forum points
▸ Records: 4,108 customers, 127 affiliates
▸ Country: Estonia
▸ Date: 05/05/2026
Compromised data:
▪️ Customer ID, group ID, store ID, language ID
▪️ First name, last name, email, telephone, fax
▪️ Password (MD5) and salt
▪️ Cart, wishlist, newsletter, address ID, custom field
▪️ IP, status, approved, safe, token, code, date added
▪️ Affiliate ID, company, website
▪️ Address 1 & 2, city, postcode, country ID, zone ID, code
▪️ Commission, tax, payment, cheque, PayPal
▪️ Bank name, branch number, SWIFT code, account name, account number
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have breached Määrdekeskus (maardekeskus.ee), an Estonian lubricant and oil retailer serving the Maardu area, and shared the database on a hacking forum. The post states the leak contains 174 tables including 4,108 customer records and 127 affiliate records with hashed credentials and banking details.
Post details:
▸ Actor(s): NightBroker
▸ Sector: Retail / Automotive (lubricants & oil)
▸ Type: Data Leak
▸ Format: SQL, 119MB (1 file, 174 tables)
▸ Price: 4 forum points
▸ Records: 4,108 customers, 127 affiliates
▸ Country: Estonia
▸ Date: 05/05/2026
Compromised data:
▪️ Customer ID, group ID, store ID, language ID
▪️ First name, last name, email, telephone, fax
▪️ Password (MD5) and salt
▪️ Cart, wishlist, newsletter, address ID, custom field
▪️ IP, status, approved, safe, token, code, date added
▪️ Affiliate ID, company, website
▪️ Address 1 & 2, city, postcode, country ID, zone ID, code
▪️ Commission, tax, payment, cheque, PayPal
▪️ Bank name, branch number, SWIFT code, account name, account number
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️ New Dark Web Informer Blog Post!
Title: Palo Alto Networks Warns of Actively Exploited PAN-OS Zero-Day Granting Root Access
Link: https://darkwebinformer.com/palo-alto-networks-warns-of-actively-exploited-pan-os-zero-day-granting-root-access/
Title: Palo Alto Networks Warns of Actively Exploited PAN-OS Zero-Day Granting Root Access
Link: https://darkwebinformer.com/palo-alto-networks-warns-of-actively-exploited-pan-os-zero-day-granting-root-access/
Dark Web Informer
Palo Alto Networks Warns of Actively Exploited PAN-OS Zero-Day Granting Root Access
Palo Alto Networks warned customers today that a critical unpatched vulnerability in PAN-OS is being actively exploited in attacks targeting internet-exposed firewalls.
❤1
‼️🇲🇽 Instituto Consorcio Clavijero allegedly breached exposing 39,000 student records from the Veracruz education platform
Threat actors claim to have breached Instituto Consorcio Clavijero (ICC), a Veracruz-based educational institution in Mexico, describing the platform as "very easy to violate" and taunting the institute to fix its security and stop exposing students. The post is presented as a collaboration between two actors and includes a sample student record with full name, CURP national ID, address, and phone number.
Post details:
▸ Actor(s): Z3r00, MagoSpeak (SpeakTeam)
▸ Sector: Education
▸ Type: Data Leak
▸ Price: Free
▸ Records: ~39,000
▸ Country: Mexico (Veracruz)
▸ Date: 05/05/2026
Compromised data:
▪️ Matrícula (student ID)
▪️ Nombre (full name)
▪️ CURP (national identity code)
▪️ Lugar de entrega (delivery/program location)
▪️ Dirección (full address with postcode and city)
▪️ Teléfono (phone number with extensions)
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
Threat actors claim to have breached Instituto Consorcio Clavijero (ICC), a Veracruz-based educational institution in Mexico, describing the platform as "very easy to violate" and taunting the institute to fix its security and stop exposing students. The post is presented as a collaboration between two actors and includes a sample student record with full name, CURP national ID, address, and phone number.
Post details:
▸ Actor(s): Z3r00, MagoSpeak (SpeakTeam)
▸ Sector: Education
▸ Type: Data Leak
▸ Price: Free
▸ Records: ~39,000
▸ Country: Mexico (Veracruz)
▸ Date: 05/05/2026
Compromised data:
▪️ Matrícula (student ID)
▪️ Nombre (full name)
▪️ CURP (national identity code)
▪️ Lugar de entrega (delivery/program location)
▪️ Dirección (full address with postcode and city)
▪️ Teléfono (phone number with extensions)
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
❤1
‼️🇨🇴 VIP Buenaventura allegedly leaked exposing 70,000 user records from the Colombian taxi app
A threat actor claims to be selling a database from VIP Buenaventura, a Colombian ride-hailing/taxi application, listing 70,000 rows with names, phones, emails, and bcrypt-hashed passwords. The post is priced at $700 for one-hand sale, includes a CSV-style sample with rider records, geolocation, and payment metadata, and offers escrow.
Post details:
▸ Actor(s): faoced
▸ Sector: Transportation / Mobile Apps
▸ Type: Data Sale
▸ Format: CSV-style records
▸ Price: $700 (one hand)
▸ Records: 70,000
▸ Country: Colombia
▸ Date: 06/05/2026
Compromised data:
▪️ ID, first name, last name
▪️ Email, mobile, password (bcrypt hash), remember token
▪️ Gender, picture, language, city
▪️ Payment mode, wallet balance, Braintree ID
▪️ Device ID, device token, device type, login by, social unique ID
▪️ Latitude, longitude, lat1/lon1, lat2/lon2, lat3/lon3, dir1/dir2/dir3
▪️ Rating, version, referral, WhatsApp number, mobile (original)
▪️ API, ride/service flags, terms acceptance, timestamps (created_at, updated_at)
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to be selling a database from VIP Buenaventura, a Colombian ride-hailing/taxi application, listing 70,000 rows with names, phones, emails, and bcrypt-hashed passwords. The post is priced at $700 for one-hand sale, includes a CSV-style sample with rider records, geolocation, and payment metadata, and offers escrow.
Post details:
▸ Actor(s): faoced
▸ Sector: Transportation / Mobile Apps
▸ Type: Data Sale
▸ Format: CSV-style records
▸ Price: $700 (one hand)
▸ Records: 70,000
▸ Country: Colombia
▸ Date: 06/05/2026
Compromised data:
▪️ ID, first name, last name
▪️ Email, mobile, password (bcrypt hash), remember token
▪️ Gender, picture, language, city
▪️ Payment mode, wallet balance, Braintree ID
▪️ Device ID, device token, device type, login by, social unique ID
▪️ Latitude, longitude, lat1/lon1, lat2/lon2, lat3/lon3, dir1/dir2/dir3
▪️ Rating, version, referral, WhatsApp number, mobile (original)
▪️ API, ride/service flags, terms acceptance, timestamps (created_at, updated_at)
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️🇧🇷 CEMIG allegedly breached exposing a 190GB Watson instance dump from the Brazilian energy utility
A threat actor claims to be selling a full Watson customer-service platform dump from CEMIG, a major Brazilian electricity company, allegedly obtained by compromising an admin credential. The 72GB compressed (190GB uncompressed) dataset reportedly contains over 6 million unique conversations covering debt status, utility bill amounts, and parental data, plus Prometheus stats, employee exports, and now-inactive API keys, with the seller accepting on-site escrow.
Post details:
▸ Actor(s): tarot
▸ Sector: Energy / Utilities
▸ Type: Data Sale
▸ Format: Watson instance dump, 72GB compressed / 190GB uncompressed
▸ Price: Negotiable (escrow accepted)
▸ Records: 6.05M conversations, 1.6M phones, 1.38M CPFs, 865k emails, 1.1M names
▸ Country: Brazil
▸ Date: 05/05/2026
Compromised data:
▪️ Unique customer conversations (6,056,078)
▪️ CPF national IDs (1,381,293)
▪️ Phone numbers (1,606,234)
▪️ Email addresses (865,375)
▪️ Full names (1,104,389)
▪️ Debt status and utility bill payment amounts
▪️ Parental/family member names
▪️ Prometheus monitoring stats
▪️ Employee exports
▪️ API keys (reported inactive)
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to be selling a full Watson customer-service platform dump from CEMIG, a major Brazilian electricity company, allegedly obtained by compromising an admin credential. The 72GB compressed (190GB uncompressed) dataset reportedly contains over 6 million unique conversations covering debt status, utility bill amounts, and parental data, plus Prometheus stats, employee exports, and now-inactive API keys, with the seller accepting on-site escrow.
Post details:
▸ Actor(s): tarot
▸ Sector: Energy / Utilities
▸ Type: Data Sale
▸ Format: Watson instance dump, 72GB compressed / 190GB uncompressed
▸ Price: Negotiable (escrow accepted)
▸ Records: 6.05M conversations, 1.6M phones, 1.38M CPFs, 865k emails, 1.1M names
▸ Country: Brazil
▸ Date: 05/05/2026
Compromised data:
▪️ Unique customer conversations (6,056,078)
▪️ CPF national IDs (1,381,293)
▪️ Phone numbers (1,606,234)
▪️ Email addresses (865,375)
▪️ Full names (1,104,389)
▪️ Debt status and utility bill payment amounts
▪️ Parental/family member names
▪️ Prometheus monitoring stats
▪️ Employee exports
▪️ API keys (reported inactive)
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations