‼️🇲🇽 Compass Imaging & Lab allegedly breached exposing 10K positive HIV, syphilis, and COVID test results from the Mexican lab

A threat actor self-described as specializing in stealing medical data claims to have breached Compass Imaging & Lab (compassimaginglab.com), a Mexican clinical laboratory, releasing the data for free after stating the lab refused to pay during a pentest negotiation. The leak contains around 10,000 records flagged positive across HIV, syphilis, COVID and other tests, with the seller claiming the data quality is higher than previous posts and including blood type, full names, and contact details.

Post details:

▸ Actor(s): Alameda_slim
▸ Sector: Healthcare / Clinical laboratory
▸ Type: Data Leak
▸ Format: CSV-style records
▸ Price: Free (reply or upgrade gated)
▸ Records: ~10,000 positive results
▸ Country: Mexico
▸ Date: 08/05/2026

Compromised data:

▪️ Full names (nombre, apellidos)
▪️ Birth date and age (edad)
▪️ Phone numbers (95% coverage)
▪️ Email (90% coverage)
▪️ Test date and result type
▪️ Result (positive/negative)
▪️ Blood type and Rh factor (Grupo Sanguíneo y Factor RH)
▪️ Test categories including ANTICUERPOS ANTI MICROSOMALES (AC. ANTI-TPO)
▪️ Internal IDs (id_resultado, id_perfil, id_paciente, id_usuario, id_examen)
▪️ Status, comments, file references, send method
▪️ Recipients (destinatarios)

Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations

‼️🇪🇨 SALUDSA allegedly breached exposing 35K+ medical records and employee access from the Ecuadorian health insurance provider

A threat actor claims to have exfiltrated sensitive medical data from SALUDSA, an Ecuadorian health insurance company, in collaboration with a group called OXteams. The post advertises 35,000+ records covering email subscribers, insured individuals, plans, and purchase history, releases a 30K+ free download, and includes screenshots of an alleged employee access management panel with corporate emails and account states.

Post details:

▸ Actor(s): GondorPe (with OXteams)
▸ Sector: Healthcare / Health insurance
▸ Type: Data Leak with admin panel exposure
▸ Format: JSON / mixed records
▸ Price: Free
▸ Records: 35,000+ (25,277 emails, 11,120 individuals)
▸ Country: Ecuador
▸ Date: 08/05/2026

Compromised data:

▪️ Email addresses (25,277)
▪️ Cell phone numbers
▪️ Age and gender
▪️ Pre-existing medical conditions
▪️ Quoted insurance plan
▪️ Family role (primary, spouse, child, etc.)
▪️ ID / Passport number (11,120 individuals)
▪️ Full names and last names
▪️ Marital status
▪️ Health insurance product enrollment (Práctico, Ideal, Élite, Privilegio, Oncocare)
▪️ Completed purchase transactions
▪️ Company emails (alert and free types)
▪️ Employee access management panel (usernames, corporate emails, account state, last login)

Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations

‼️🇮🇳 BLS International allegedly breached exposing 29 million records, source code, and SSH keys from the Indian visa services giant

A threat actor claims to be selling databases, backend source code, Amazon S3 bucket dumps, MySQL ROOT access, and SSH private keys belonging to BLS International, an Indian multinational handling visa, passport, consular, biometrics, and citizen services for governments and embassies worldwide. The post lists 14 country/service-specific databases totaling around 29 million rows with 28GB of compressed data and shows folders of customer passport scans, ID cards, and biometric photos staged for individual applicants.

Post details:

▸ Actor(s): scatt3r
▸ Sector: Government services / Visa & passport processing
▸ Type: Data Sale + Access Sale
▸ Format: SQL databases, source code, S3 bucket dumps, SSH private keys, image folders (28GB compressed)
▸ Price: Negotiable
▸ Records: ~29,000,000 rows
▸ Country: India (multinational scope)
▸ Date: 09/05/2026

Affected database folders:

▪️ db_IndiaKuwait (130 tables)
▪️ db_IndiaCanada_Appointment (36 tables)
▪️ db_IndiaUAE_Appointment (32 tables)
▪️ db_IndiaSpain (102 tables)
▪️ db_PolandPhil_Appointment (56 tables)
▪️ db_IndiaSingapore_Appointment (34 tables)
▪️ db_BrazilLebanon_Backend (56 tables)
▪️ db_IndiaMalayia (58 tables)
▪️ db_IndiaHongkong_Ap (32 tables)
▪️ db_BrazilLebanon_Appointment (35 tables)
▪️ mysql (37 tables)
▪️ gdit_canada (69 tables)
▪️ singapore_orderform (7 tables)
▪️ db_IndiaChina_Appointment (31 tables)

Compromised data and assets:

▪️ Backend source code of the BLS International web application (PHP, configs, htaccess, mailers)
▪️ Amazon S3 bucket dumps with customer document folders
▪️ Passport scans and applications (PassportApplication folders)
▪️ National ID cards, residence permits, and biometric face photos
▪️ Liveness videos recorded during in-person appointments via OzForensics
▪️ Customer appointment data tied to per-applicant CUST_ folder IDs
▪️ Private API keys, SMTP keys, SMS API keys
▪️ MySQL ROOT access and SSH private keys to backend servers
▪️ Internal admin and CMS templates, captcha system, vendor packages

Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations

‼️🇪🇬 Mansoura University allegedly breached exposing 10GB+ of student data, research, and internal documents

A threat actor, posting in collaboration with CrowStealer, quellostanco, and bigF, claims to be selling a breach of Mansoura University, described in the post as one of the oldest and largest universities in Egypt. The package totals over 10GB and includes nearly 989,000 student records spanning 2012 to 2025/2026, plus thousands of research and internal PDFs and student photos.

Post details:

▸ Actor(s): INT3X (with CrowStealer, quellostanco, bigF)
▸ Sector: Education / University
▸ Type: Data Sale
▸ Format: CSV, PDF, image files
▸ Price: Negotiable (no data exchange accepted)
▸ Records: ~989,000 students + 3,853 research docs + 1,547 internal docs + 600MB student images
▸ Country: Egypt
▸ Date: 10/05/2026

Compromised data:

▪️ Username, Arabic name, English name
▪️ National ID number
▪️ Password and email
▪️ Language preference
▪️ University, faculty, year level
▪️ Enrollment status, study year, courses
▪️ 3,853 research PDFs and images (4.96GB)
▪️ 1,547 internal PDFs and images (3.72GB)
▪️ Student photographs (600MB)

Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations