🔪 Slice For Life - Part 2 🔪
1/2‼️🇻🇪 MAJOR CLAIM: SAIME, SAREN, and Carnet Fronterizo allegedly breached exposing 35M Venezuelan IDs, 13.4M birth certificates, and 92K border records

A threat group calling itself "L4TAMFUCKERS" claims to have breached Venezuela's interconnected SAIME (national identity), SAREN (civil registry), and Carnet de Movilidad Fronteriza (border ID) systems by chaining API exploitation, IDOR/BOLA attacks, and tunneling exfiltration through official government data channels. The post, branded "Operation Hecatombe Venezuela," advertises 35.2M biographical records, 13.4M birth certificates totaling nearly 6TB of legal documents, and 92K detailed border crossing records, with the actors stating "an entire country's identity in plaintext."

Post details:

▸ Actor(s): GordonFreeman, Izanagi, YoSoyGroot (L4TAMFUCKERS)
▸ Sector: Government / National Identity & Civil Registry
▸ Type: Data Leak
▸ Format: SQL/CSV records, PDFs, scanned documents (~6TB SAREN)
▸ Records: 35.2M SAIME + 13.4M SAREN birth certificates + 92K Carnet Fronterizo
▸ Country: Venezuela
▸ Date: 08/05/2026

Compromised data:

▪️ SAIME: Cédula ID number, full names, gender, date of birth, profession code, registration date
▪️ SAIME admin users: ID, username, email, hashed password, status, lock date, full name, second name
▪️ SAREN: 13.4M scanned birth certificates with parental data, registrar signatures, hospital and parish details
▪️ SAREN: Marriage and notarial records with seals and registry numbers
▪️ Carnet Fronterizo: Foreign ID number, cédula, nationality, full names, date of birth
▪️ Carnet Fronterizo: Gender, occupation, expiration date, border post, ID photo
▪️ Carnet Fronterizo: Email addresses, passwords, phone numbers, system registration dates
▪️ Internal API channels and identifiers used to pivot between ministries

Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️🇫🇷 Fédération Française de Ball-Trap allegedly leaked exposing 5,642 member accounts from the French clay pigeon shooting federation

A threat actor claims to have leaked accounts from the Fédération Française de Ball-Trap (FFBT), the French national federation governing clay pigeon shooting, releasing the dataset for free. The post advertises 5,642 accounts including emails and password hashes, with the actor specifically noting that private moderator accounts are included in the dump.

Post details:

▸ Actor(s): NormalLeVrai
▸ Sector: Sports / Federation (clay pigeon shooting)
▸ Type: Data Leak
▸ Format: TXT (email:hash)
▸ Price: Free
▸ Records: 5,642
▸ Country: France
▸ Date: 08/05/2026

Compromised data:

▪️ Email addresses
▪️ Password hashes
▪️ Moderator account credentials

________________________________________
Fuggin idiot.

Dread: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad[.]onion/post/2caaf19932490a3f9d4e
________________________________________
‼️🇺🇸 Houghton Mifflin Harcourt Company has been added to the ShinyHunters Pay or Leak portal
________________________________________
Cyberattack News Alert
━━━━━━━━━━━━━━━━━━━━━━━━━

Victim: West Pharmaceutical
Domain: westpharma.com

Country: 🇫🇷 FR
Date: May 4th, 2026

Summary:
West Pharmaceutical has confirmed that it fell victim to a cyberattack at its Nouvion-en-Thiérache site, which had already been shut down since May 4. An investigation is currently underway to determine the nature and extent of the incident. No resumption date has been communicated by the company at this stage.

Source: https://www.aisnenouvelle.fr/id716500/article/2026-05-08/nouvion-en-thierache-lusine-west-pharmaceutical-est-bel-et-bien-victime-dun
Scraper script for the threat feed stopped working a couple of hours ago. I was away adulting; it's back up and catching up to the posts. Looking at further redundancy to make sure it restarts properly when needed.
________________________________________
‼️🇲🇽 Compass Imaging & Lab allegedly breached exposing 10K positive HIV, syphilis, and COVID test results from the Mexican lab

A threat actor self-described as specializing in stealing medical data claims to have breached Compass Imaging & Lab (compassimaginglab.com), a Mexican clinical laboratory, releasing the data for free after stating the lab refused to pay during a pentest negotiation. The leak contains around 10,000 records flagged positive across HIV, syphilis, COVID and other tests, with the seller claiming the data quality is higher than previous posts and including blood type, full names, and contact details.

Post details:

▸ Actor(s): Alameda_slim
▸ Sector: Healthcare / Clinical laboratory
▸ Type: Data Leak
▸ Format: CSV-style records
▸ Price: Free (reply or upgrade gated)
▸ Records: ~10,000 positive results
▸ Country: Mexico
▸ Date: 08/05/2026

Compromised data:

▪️ Full names (nombre, apellidos)
▪️ Birth date and age (edad)
▪️ Phone numbers (95% coverage)
▪️ Email (90% coverage)
▪️ Test date and result type
▪️ Result (positive/negative)
▪️ Blood type and Rh factor (Grupo Sanguíneo y Factor RH)
▪️ Test categories including ANTICUERPOS ANTI MICROSOMALES (AC. ANTI-TPO)
▪️ Internal IDs (id_resultado, id_perfil, id_paciente, id_usuario, id_examen)
▪️ Status, comments, file references, send method
▪️ Recipients (destinatarios)

________________________________________
‼️ LAPSUS$ Group has added a yet-to-be-named victim
________________________________________
‼️🇪🇨 SALUDSA allegedly breached exposing 35K+ medical records and employee access from the Ecuadorian health insurance provider

A threat actor claims to have exfiltrated sensitive medical data from SALUDSA, an Ecuadorian health insurance company, in collaboration with a group called OXteams. The post advertises 35,000+ records covering email subscribers, insured individuals, plans, and purchase history, releases a 30K+ free download, and includes screenshots of an alleged employee access management panel with corporate emails and account states.

Post details:

▸ Actor(s): GondorPe (with OXteams)
▸ Sector: Healthcare / Health insurance
▸ Type: Data Leak with admin panel exposure
▸ Format: JSON / mixed records
▸ Price: Free
▸ Records: 35,000+ (25,277 emails, 11,120 individuals)
▸ Country: Ecuador
▸ Date: 08/05/2026

Compromised data:

▪️ Email addresses (25,277)
▪️ Cell phone numbers
▪️ Age and gender
▪️ Pre-existing medical conditions
▪️ Quoted insurance plan
▪️ Family role (primary, spouse, child, etc.)
▪️ ID / Passport number (11,120 individuals)
▪️ Full names and last names
▪️ Marital status
▪️ Health insurance product enrollment (Práctico, Ideal, Élite, Privilegio, Oncocare)
▪️ Completed purchase transactions
▪️ Company emails (alert and free types)
▪️ Employee access management panel (usernames, corporate emails, account state, last login)

________________________________________
‼️🇮🇳 BLS International allegedly breached exposing 29 million records, source code, and SSH keys from the Indian visa services giant

A threat actor claims to be selling databases, backend source code, Amazon S3 bucket dumps, MySQL ROOT access, and SSH private keys belonging to BLS International, an Indian multinational handling visa, passport, consular, biometrics, and citizen services for governments and embassies worldwide. The post lists 14 country/service-specific databases totaling around 29 million rows with 28GB of compressed data and shows folders of customer passport scans, ID cards, and biometric photos staged for individual applicants.

Post details:

▸ Actor(s): scatt3r
▸ Sector: Government services / Visa & passport processing
▸ Type: Data Sale + Access Sale
▸ Format: SQL databases, source code, S3 bucket dumps, SSH private keys, image folders (28GB compressed)
▸ Price: Negotiable
▸ Records: ~29,000,000 rows
▸ Country: India (multinational scope)
▸ Date: 09/05/2026

Affected database folders:

▪️ db_IndiaKuwait (130 tables)
▪️ db_IndiaCanada_Appointment (36 tables)
▪️ db_IndiaUAE_Appointment (32 tables)
▪️ db_IndiaSpain (102 tables)
▪️ db_PolandPhil_Appointment (56 tables)
▪️ db_IndiaSingapore_Appointment (34 tables)
▪️ db_BrazilLebanon_Backend (56 tables)
▪️ db_IndiaMalayia (58 tables)
▪️ db_IndiaHongkong_Ap (32 tables)
▪️ db_BrazilLebanon_Appointment (35 tables)
▪️ mysql (37 tables)
▪️ gdit_canada (69 tables)
▪️ singapore_orderform (7 tables)
▪️ db_IndiaChina_Appointment (31 tables)

Compromised data and assets:

▪️ Backend source code of the BLS International web application (PHP, configs, htaccess, mailers)
▪️ Amazon S3 bucket dumps with customer document folders
▪️ Passport scans and applications (PassportApplication folders)
▪️ National ID cards, residence permits, and biometric face photos
▪️ Liveness videos recorded during in-person appointments via OzForensics
▪️ Customer appointment data tied to per-applicant CUST_ folder IDs
▪️ Private API keys, SMTP keys, SMS API keys
▪️ MySQL ROOT access and SSH private keys to backend servers
▪️ Internal admin and CMS templates, captcha system, vendor packages

________________________________________
‼️🇳🇬 Mrs Holdings has been claimed as a victim by Killsec Ransomware
________________________________________
‼️🇨🇦 CarePoint Health allegedly listed on Genesis ransomware leak site with 70GB countdown

The Genesis ransomware group has added CarePoint Health (carepointhealth.ca) to its leak site, posting a countdown timer of roughly 4 days before publication. The group claims to hold 70GB of medical, operational, and financial data, along with content from the company's fileserver, and links to a downloadable list of company files.

Post details:

▸ Actor(s): Genesis (ransomware group)
▸ Sector: Healthcare / Physician network
▸ Type: Ransomware / Extortion (countdown active)
▸ Volume: ~70GB
▸ Country: Canada
▸ Date: 08/05/2026

Compromised data:

▪️ Medical data
▪️ Operational data
▪️ Financial data
▪️ Files exfiltrated from the company fileserver

________________________________________
Found the issue. Wasn't related to the threat feed scripts. Was a new script used for Ransomware scraping. A scheduled job that takes screenshots was getting stuck and not finishing before the next one started, so copies kept piling up, over a hundred of them to be honest, which caused the server to go to 99%.

Cleared the stuck processes and added safeguards to this new script and cron so only one can run at a time, and any that hangs gets killed automatically after a few minutes.

Everything should be caught up by the end of this cycle.
________________________________________