‼️🇫🇷 Leroy Merlin France allegedly leaked exposing 367,462 loyalty program records
A threat actor claims to be selling a freshly scraped database from Leroy Merlin France, clarifying that it is not a full store dump but rather a dump from one of the retailer's loyalty ("outil de fidelité") tools, and is being marketed as premium, unprocessed, and not previously circulated. The package contains a single file with detailed customer profiles including loyalty card data, addresses, and account metadata.
Post details:
▸ Actor(s): Lagui
▸ Sector: Retail (home improvement)
▸ Type: Data Sale
▸ Format: 1 file (JSON), 367,462 entries
▸ Price: Negotiable (escrow accepted)
▸ Records: 367,462
▸ Country: France
▸ Date: 06/05/2026
Compromised data:
▪️ Internal ID, login, civility, birth date
▪️ First name and last name
▪️ Email addresses (primary and login)
▪️ Phone numbers
▪️ Multiple addresses (building, street number, street, city, postal code, country, province)
▪️ Loyalty card number and barcode
▪️ Loyalty status, points, expiration, validity dates
▪️ Reward and burn status, vouchers, badges
▪️ Co-owners and partner platform access flags
▪️ Web account status, last login, login count
▪️ Marital status, number of children, store code
▪️ Account creation date and migration state
▪️ Administrative identifiers and moving date
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to be selling a freshly scraped database from Leroy Merlin France, clarifying that it is not a full store dump but rather a dump from one of the retailer's loyalty ("outil de fidelité") tools, and is being marketed as premium, unprocessed, and not previously circulated. The package contains a single file with detailed customer profiles including loyalty card data, addresses, and account metadata.
Post details:
▸ Actor(s): Lagui
▸ Sector: Retail (home improvement)
▸ Type: Data Sale
▸ Format: 1 file (JSON), 367,462 entries
▸ Price: Negotiable (escrow accepted)
▸ Records: 367,462
▸ Country: France
▸ Date: 06/05/2026
Compromised data:
▪️ Internal ID, login, civility, birth date
▪️ First name and last name
▪️ Email addresses (primary and login)
▪️ Phone numbers
▪️ Multiple addresses (building, street number, street, city, postal code, country, province)
▪️ Loyalty card number and barcode
▪️ Loyalty status, points, expiration, validity dates
▪️ Reward and burn status, vouchers, badges
▪️ Co-owners and partner platform access flags
▪️ Web account status, last login, login count
▪️ Marital status, number of children, store code
▪️ Account creation date and migration state
▪️ Administrative identifiers and moving date
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
Systemd Backdoor: A simple script to automate systemd backdoor
GitHub: https://github.com/MatheuZSecurity/systemd-backdoor/
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
GitHub: https://github.com/MatheuZSecurity/systemd-backdoor/
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
😈1
🚨Marlon Ferro, who went by the online handle "GothFerrari," has been sentenced to 6.5 years in federal prison for his involvement in the Malone Lam heist, a crypto theft that netted more than $250 million. He was also ordered to pay $2.5 Million in restitution.
https://www.justice.gov/usao-dc/pr/gothferrari-sentenced-78-months-prison-role-massive-cryptocurrency-heist
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
https://www.justice.gov/usao-dc/pr/gothferrari-sentenced-78-months-prison-role-massive-cryptocurrency-heist
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
www.justice.gov
‘GothFerrari’ Sentenced to 78 Months in Prison for Role in Massive
Marlon Ferro, 20, of Santa Ana, California, was sentenced today in U.S. District Court to 78 months in prison in connection with his role in a sprawling social engineering conspiracy that stole well over $250 million in cryptocurrency from victims across…
‼️ New Dark Web Informer Blog Post!
Title: Daily Dose of Dark Web Informer - May 6th, 2026
Link: https://darkwebinformer.com/daily-dose-of-dark-web-informer-may-6th-2026/
Title: Daily Dose of Dark Web Informer - May 6th, 2026
Link: https://darkwebinformer.com/daily-dose-of-dark-web-informer-may-6th-2026/
Dark Web Informer
Daily Dose of Dark Web Informer - May 6th, 2026
This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.
‼️ New Dark Web Informer Blog Post!
Title: Indonesia’s Ministry of Energy and Mineral Resources (ESDM) allegedly leaked exposing fuel oil distributor records
Link: https://darkwebinformer.com/indonesias-ministry-of-energy-and-mineral-resources-esdm-allegedly-leaked-exposing-fuel-oil-distributor-records/
Title: Indonesia’s Ministry of Energy and Mineral Resources (ESDM) allegedly leaked exposing fuel oil distributor records
Link: https://darkwebinformer.com/indonesias-ministry-of-energy-and-mineral-resources-esdm-allegedly-leaked-exposing-fuel-oil-distributor-records/
Dark Web Informer
Indonesia’s Ministry of Energy and Mineral Resources (ESDM) Allegedly Leaked Exposing Fuel Oil Distributor Records
A threat actor claims to have leaked a database from Indonesia’s Ministry of Energy and Mineral Resources (Kementerian ESDM), specifically the list of distributors for general commercial business entities of fuel oil for the second semester of 2025
‼️ New Dark Web Informer Blog Post!
Title: Indonesia’s Ministry of Energy and Mineral Resources (ESDM) Allegedly Leaked Exposing Fuel Oil Distributor Records
Link: https://darkwebinformer.com/indonesias-ministry-of-energy-and-mineral-resources-esdm-allegedly-leaked-exposing-fuel-oil-distributor-records/
Title: Indonesia’s Ministry of Energy and Mineral Resources (ESDM) Allegedly Leaked Exposing Fuel Oil Distributor Records
Link: https://darkwebinformer.com/indonesias-ministry-of-energy-and-mineral-resources-esdm-allegedly-leaked-exposing-fuel-oil-distributor-records/
Dark Web Informer
Indonesia’s Ministry of Energy and Mineral Resources (ESDM) Allegedly Leaked Exposing Fuel Oil Distributor Records
A threat actor claims to have leaked a database from Indonesia’s Ministry of Energy and Mineral Resources (Kementerian ESDM), specifically the list of distributors for general commercial business entities of fuel oil for the second semester of 2025
‼️ New Dark Web Informer Blog Post!
Title: MoreIdeas General Trading Allegedly Re-Leaked Exposing 787,217 Student Records From the Dubai EdTech Firm
Link: https://darkwebinformer.com/moreideas-general-trading-allegedly-re-leaked-exposing-787-217-student-records-from-the-dubai-edtech-firm/
Title: MoreIdeas General Trading Allegedly Re-Leaked Exposing 787,217 Student Records From the Dubai EdTech Firm
Link: https://darkwebinformer.com/moreideas-general-trading-allegedly-re-leaked-exposing-787-217-student-records-from-the-dubai-edtech-firm/
Dark Web Informer
MoreIdeas General Trading Allegedly Re-Leaked Exposing 787,217 Student Records From the Dubai EdTech Firm
A threat actor claims to have re-dumped the moreideas.ae database, stating this version is “more juicy than before” and dating the breach to May 2026
Pavel Durov, founder of Telegram, posted this video in regards to TON's finality time.
I'll take Monero at 20 minutes and beyond any day.
I'll take Monero at 20 minutes and beyond any day.
❤2
‼️ New Dark Web Informer Blog Post!
Title: Belgian Sports/Fitness Chain Allegedly Breached Exposing 105K Customer Records With IBAN Data
Link: https://darkwebinformer.com/belgian-sports-fitness-chain-allegedly-breached-exposing-105k-customer-records-with-iban-data/
Title: Belgian Sports/Fitness Chain Allegedly Breached Exposing 105K Customer Records With IBAN Data
Link: https://darkwebinformer.com/belgian-sports-fitness-chain-allegedly-breached-exposing-105k-customer-records-with-iban-data/
Dark Web Informer
Belgian Sports/Fitness Chain Allegedly Breached Exposing 105K Customer Records With IBAN Data
A threat actor claims to be selling a customer database from a Belgian sports/fitness business (gym branding visible in the post as “ANIMO”), advertising it as containing 105,000 customers with full IBAN banking details. The seller is offering tiered pricing…
‼️ New Dark Web Informer Blog Post!
Title: Laboratorios CEFLO Allegedly Breached Exposing 21K Positive HIV, Syphilis, and COVID Test Results From the Mexican Lab
Link: https://darkwebinformer.com/laboratorios-ceflo-allegedly-breached-exposing-21k-positive-hiv-syphilis-and-covid-test-results-from-the-mexican-lab/
Title: Laboratorios CEFLO Allegedly Breached Exposing 21K Positive HIV, Syphilis, and COVID Test Results From the Mexican Lab
Link: https://darkwebinformer.com/laboratorios-ceflo-allegedly-breached-exposing-21k-positive-hiv-syphilis-and-covid-test-results-from-the-mexican-lab/
Dark Web Informer
Laboratorios CEFLO Allegedly Breached Exposing 21K Positive HIV, Syphilis, and COVID Test Results From the Mexican Lab
A threat actor describing themselves as specializing in “stealing medical data” claims to have breached Mexican clinical lab Laboratorios CEFLO, releasing the dataset for free out of stated retaliation after the lab allegedly ignored a paid pentest offer.
❤1
‼️ New Dark Web Informer Blog Post!
Title: Antel TuID Digital Allegedly Breached Exposing 8GB of Data From the Uruguayan State Telecom’s E-Government Platform
Link: https://darkwebinformer.com/antel-tuid-digital-allegedly-breached-exposing-8gb-of-data-from-the-uruguayan-state-telecoms-e-government-platform/
Title: Antel TuID Digital Allegedly Breached Exposing 8GB of Data From the Uruguayan State Telecom’s E-Government Platform
Link: https://darkwebinformer.com/antel-tuid-digital-allegedly-breached-exposing-8gb-of-data-from-the-uruguayan-state-telecoms-e-government-platform/
Dark Web Informer
Antel TuID Digital Allegedly Breached Exposing 8GB of Data From the Uruguayan State Telecom’s E-Government Platform
A threat actor claims to have compromised TuID Digital, the digital identity platform operated by Uruguayan state-owned telecom Antel, by obtaining the API key stored alongside internal files on Antel’s server backend.
‼️ New Dark Web Informer Blog Post!
Title: US Non-Emergency Medical Transport Network Allegedly Breached Exposing 500K+ Patient Records and Live Admin Access
Link: https://darkwebinformer.com/us-non-emergency-medical-transport-network-allegedly-breached-exposing-500k-patient-records-and-live-admin-access/
Title: US Non-Emergency Medical Transport Network Allegedly Breached Exposing 500K+ Patient Records and Live Admin Access
Link: https://darkwebinformer.com/us-non-emergency-medical-transport-network-allegedly-breached-exposing-500k-patient-records-and-live-admin-access/
Dark Web Informer
US Non-Emergency Medical Transport Network Allegedly Breached Exposing 500K+ Patient Records and Live Admin Access
A threat actor claims to be selling live, authenticated admin panel access to a major US Non-Emergency Medical Transportation (NEMT) platform, advertising real-time control over operations rather than a static dump.
Taking the current IOC Feeds offline and cutting over to the new feeds. Will update once done.
🔪 Slice For Life - Part 2 🔪
Taking the current IOC Feeds offline and cutting over to the new feeds. Will update once done.
Both feeds have been updated. You may need to hard refresh the page(s) to see the update. CTRL+SHIFT+R
They can both be found under Subscribers or the Intel Feeds on the navigation bar.
They can both be found under Subscribers or the Intel Feeds on the navigation bar.
‼️ New Dark Web Informer Blog Post!
Title: HOMES Real Estate Platform Allegedly Leaked Exposing 7 Million Agent and Investor Records
Link: https://darkwebinformer.com/homes-at-world-allegedly-leaked-exposing-7-million-real-estate-agent-and-investor-records/
Title: HOMES Real Estate Platform Allegedly Leaked Exposing 7 Million Agent and Investor Records
Link: https://darkwebinformer.com/homes-at-world-allegedly-leaked-exposing-7-million-real-estate-agent-and-investor-records/
Dark Web Informer
Homes.at.world Allegedly Leaked Exposing 7 Million Real Estate Agent and Investor Records
A threat actor claims to be selling a 2.47GB CSV database from real estate platform homes.at.world, totaling 7,023,773 lines split between 4,883,773 agent records and 2,140,000 investor records.
‼️🇲🇽 Sunset World Resorts allegedly breached exposing 257GB of corporate data from the Mexican hotel group
A threat actor claims to have exfiltrated 257GB of unique data from Sunset World Group, a Mexican family-owned hospitality business operating six hotels in Cancun and the Riviera Maya. The advertised package spans contracts with customers and suppliers, financial documents, Oracle databases, employee records, and legal documents.
Post details:
▸ Actor(s): wower
▸ Sector: Hospitality / Hotels & Resorts
▸ Type: Data Sale
▸ Format: 257GB (includes Oracle DB exports and documents)
▸ Price: Negotiable
▸ Country: Mexico
Compromised data:
▪️ Customer and supplier contracts
▪️ Financial documents
▪️ Oracle database exports
▪️ Employee records
▪️ Legal documents
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have exfiltrated 257GB of unique data from Sunset World Group, a Mexican family-owned hospitality business operating six hotels in Cancun and the Riviera Maya. The advertised package spans contracts with customers and suppliers, financial documents, Oracle databases, employee records, and legal documents.
Post details:
▸ Actor(s): wower
▸ Sector: Hospitality / Hotels & Resorts
▸ Type: Data Sale
▸ Format: 257GB (includes Oracle DB exports and documents)
▸ Price: Negotiable
▸ Country: Mexico
Compromised data:
▪️ Customer and supplier contracts
▪️ Financial documents
▪️ Oracle database exports
▪️ Employee records
▪️ Legal documents
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations