‼️AIRDC advertised as AI-powered hidden remote desktop control tool for Windows targets
A threat actor is selling AIRDC (AI Remote Desktop Control), a tool marketed as an autonomous Windows bridge that uses a specialized LLM to translate plain-English commands into precise hardware-level inputs on a remote machine.
The actor pitches it as a "Chat-to-Action" engine that lets an operator on a phone or another PC tell the AI agent what to do and watch it navigate the target desktop in real time. The post includes a disclaimer that AIRDC is a tool for developers and automation specialists and that remote access requires proper authorization, though the advertised feature set centers on stealth persistence, kernel-level input injection, and headless background operation. Two tier-based subscriptions are offered with cryptocurrency-only payment.
Post details:
▸ Actor(s): GENERAL DARK
▸ Sector: Offensive Tooling / Remote Access
▸ Type: Tool Sale (AI-driven covert remote control)
▸ Format: Software (Windows agent)
▸ Country: Not specified
▸ Date: 11/05/2026
Service features:
▪️ Chat-to-Action engine: specialized LLM bridge translates conversational intent into hardware-level inputs on the remote desktop
▪️ Conversational Command module: direct chat interface for issuing tasks like file search, email sending, and attachment handling
▪️ Vision Engine: low-latency DXGI Frame Buffer capture with OmniParser mapping UI elements into a real-time coordinate grid
▪️ Control Core: kernel-level raw input via the Interception driver, bypassing software restrictions, with human-mimetic mouse curves
▪️ Deep Analysis: integrated Binary Ninja and Ghidra bridge to read .exe logic when the AI cannot identify a UI element
▪️ Stealth Mode: operates via Session 0 and headless virtual desktops so the AI runs in the background while the main screen stays free
▪️ Natural Language Processing: tasks issued in plain English with no programming required
▪️ Universal Compatibility: claims to work with any Windows application without API, plugins, or hooks
▪️ Autonomous Reasoning: accepts goals such as "find the latest invoice in Outlook and upload it to the CRM" and chains actions independently
▪️ Invisible Persistence: runs as a Protected Process Light (PPL) to stay hidden from standard task managers and system scans
▪️ Encrypted Tunneling: WireGuard and Tailscale integration for direct P2P encrypted connection between operator and agent
▪️ Payment: BTC, LTC, XMR, ETH
▪️ Tagline: "The Elite Autonomous Windows Bridge, See. Reason. Execute."
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor is selling AIRDC (AI Remote Desktop Control), a tool marketed as an autonomous Windows bridge that uses a specialized LLM to translate plain-English commands into precise hardware-level inputs on a remote machine.
The actor pitches it as a "Chat-to-Action" engine that lets an operator on a phone or another PC tell the AI agent what to do and watch it navigate the target desktop in real time. The post includes a disclaimer that AIRDC is a tool for developers and automation specialists and that remote access requires proper authorization, though the advertised feature set centers on stealth persistence, kernel-level input injection, and headless background operation. Two tier-based subscriptions are offered with cryptocurrency-only payment.
Post details:
▸ Actor(s): GENERAL DARK
▸ Sector: Offensive Tooling / Remote Access
▸ Type: Tool Sale (AI-driven covert remote control)
▸ Format: Software (Windows agent)
▸ Country: Not specified
▸ Date: 11/05/2026
Service features:
▪️ Chat-to-Action engine: specialized LLM bridge translates conversational intent into hardware-level inputs on the remote desktop
▪️ Conversational Command module: direct chat interface for issuing tasks like file search, email sending, and attachment handling
▪️ Vision Engine: low-latency DXGI Frame Buffer capture with OmniParser mapping UI elements into a real-time coordinate grid
▪️ Control Core: kernel-level raw input via the Interception driver, bypassing software restrictions, with human-mimetic mouse curves
▪️ Deep Analysis: integrated Binary Ninja and Ghidra bridge to read .exe logic when the AI cannot identify a UI element
▪️ Stealth Mode: operates via Session 0 and headless virtual desktops so the AI runs in the background while the main screen stays free
▪️ Natural Language Processing: tasks issued in plain English with no programming required
▪️ Universal Compatibility: claims to work with any Windows application without API, plugins, or hooks
▪️ Autonomous Reasoning: accepts goals such as "find the latest invoice in Outlook and upload it to the CRM" and chains actions independently
▪️ Invisible Persistence: runs as a Protected Process Light (PPL) to stay hidden from standard task managers and system scans
▪️ Encrypted Tunneling: WireGuard and Tailscale integration for direct P2P encrypted connection between operator and agent
▪️ Payment: BTC, LTC, XMR, ETH
▪️ Tagline: "The Elite Autonomous Windows Bridge, See. Reason. Execute."
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️ New Dark Web Informer Blog Post!
Title: Daily Dose of Dark Web Informer - May 11th, 2026
Link: https://darkwebinformer.com/daily-dose-of-dark-web-informer-may-11th-2026/
Title: Daily Dose of Dark Web Informer - May 11th, 2026
Link: https://darkwebinformer.com/daily-dose-of-dark-web-informer-may-11th-2026/
Dark Web Informer
Daily Dose of Dark Web Informer - May 11th, 2026
This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.
‼️🇮🇩 Kementerian Kesehatan Republik Indonesia allegedly leaked exposing 20 million antigen test records from the Indonesian Ministry of Health
A threat actor claims to have leaked a database of 20 million antigen test records linked to Kementerian Kesehatan Republik Indonesia, the Ministry of Health of the Republic of Indonesia.
The CSV sample shows full patient identity data tied to antigen testing performed at health facilities across Indonesia, including national identity numbers (NIC), phone numbers, dates of birth, full addresses with sub-district level detail, and test result status.
Sample entries reference locations such as Jakarta Selatan, BSD Serpong Tangerang Selatan, and dates ranging from 2022 onward.
Post details:
▸ Actor(s): XSVSHACKER
▸ Sector: Government / Healthcare
▸ Type: Data Leak
▸ Format: CSV
▸ Price: Not disclosed
▸ Records: 20,000,000
▸ Country: Indonesia
▸ Date: 11/05/2026
Compromised data:
▪️ Patient ID
▪️ Name
▪️ NIC (national identity number)
▪️ Age
▪️ Phone number
▪️ Address (full street, sub-district, district, province)
▪️ Health facility name
▪️ Citizenship status
▪️ Date of birth
▪️ Test status (e.g., Negative)
▪️ Test date and timestamp
▪️ Facility codes and regional identifiers
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have leaked a database of 20 million antigen test records linked to Kementerian Kesehatan Republik Indonesia, the Ministry of Health of the Republic of Indonesia.
The CSV sample shows full patient identity data tied to antigen testing performed at health facilities across Indonesia, including national identity numbers (NIC), phone numbers, dates of birth, full addresses with sub-district level detail, and test result status.
Sample entries reference locations such as Jakarta Selatan, BSD Serpong Tangerang Selatan, and dates ranging from 2022 onward.
Post details:
▸ Actor(s): XSVSHACKER
▸ Sector: Government / Healthcare
▸ Type: Data Leak
▸ Format: CSV
▸ Price: Not disclosed
▸ Records: 20,000,000
▸ Country: Indonesia
▸ Date: 11/05/2026
Compromised data:
▪️ Patient ID
▪️ Name
▪️ NIC (national identity number)
▪️ Age
▪️ Phone number
▪️ Address (full street, sub-district, district, province)
▪️ Health facility name
▪️ Citizenship status
▪️ Date of birth
▪️ Test status (e.g., Negative)
▪️ Test date and timestamp
▪️ Facility codes and regional identifiers
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
1🔥1
Media is too big
VIEW IN TELEGRAM
Data theft: Teen arrested over hacking of French government website
Note: This is about the arrest of "breach3d" on a short news clip.
Video Credit: youtube.com/@France24_en
Note: This is about the arrest of "breach3d" on a short news clip.
Video Credit: youtube.com/@France24_en
😭6❤2😈1
Over 800 alerts on the Threat Feed today & it will probably just keep growing.
With that being said im looking into additional notification features that reduce noise & possible alert fatigue for those who want to see everything. I will provide an update to this later this week
With that being said im looking into additional notification features that reduce noise & possible alert fatigue for those who want to see everything. I will provide an update to this later this week
❤2
‼️🇧🇷 MBet allegedly breached exposing 200,000+ KYC documents and 300,000+ PII records from the Brazilian online casino and sports betting platform
A threat actor claims that in May 2026, MBet (Apostas Esportivas / Casa de Apostas Online), a Brazilian online casino and sports betting operator, suffered a successful cyber intrusion resulting in the full compromise of its customer database including KYC and PII records.
The total dump is sized at 251 GB and includes more than 200,000 identity documents (bills, ID cards, handheld ID and selfie verifications) and over 300,000 PII records. The actor has released a partial leak containing 1 GB of KYC material and 5,000 PII records as a sample, with the remainder being held for sale.
Post details:
▸ Actor(s): zSenior (VIP)
▸ Sector: Online Gambling / Sports Betting
▸ Type: Data Breach / Partial Leak with Sale
▸ Format: CSV (PII) and image/PDF folders per user (KYC)
▸ Price: Not disclosed (partial sample released free, full dump for sale)
▸ Records: 300,000+ PII records and 200,000+ KYC documents (251 GB total)
▸ Country: Brazil
▸ Date: 11/05/2026
Compromised data:
KYC documents (over 200,000 total):
▪️ Utility bills
▪️ ID cards
▪️ Handheld ID photos (document held in hand by user)
▪️ Selfie verification photos
▪️ Other identity verification documents
▪️ Organized in per-user folders labelled address, identity, and selfie
PII records (over 300,000 total):
▪️ ID
▪️ Name (Nome)
▪️ Email
▪️ Account creation date (Criado em)
▪️ Country (País)
▪️ Phone 1 (Telefone1)
▪️ Phone 2 (Telefone2)
▪️ CPF (Brazilian taxpayer ID)
▪️ Inviter and Inviter Code
▪️ First name (Primeiro Nome)
▪️ Surname (Sobrenome)
▪️ Mother's name (Nome da Mãe)
▪️ Date of birth (Data de Nascimento)
▪️ Display name (Nome de Visualização)
▪️ Withdrawal balance (Saldo Saque)
▪️ Bonus balance (Saldo Bônus)
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims that in May 2026, MBet (Apostas Esportivas / Casa de Apostas Online), a Brazilian online casino and sports betting operator, suffered a successful cyber intrusion resulting in the full compromise of its customer database including KYC and PII records.
The total dump is sized at 251 GB and includes more than 200,000 identity documents (bills, ID cards, handheld ID and selfie verifications) and over 300,000 PII records. The actor has released a partial leak containing 1 GB of KYC material and 5,000 PII records as a sample, with the remainder being held for sale.
Post details:
▸ Actor(s): zSenior (VIP)
▸ Sector: Online Gambling / Sports Betting
▸ Type: Data Breach / Partial Leak with Sale
▸ Format: CSV (PII) and image/PDF folders per user (KYC)
▸ Price: Not disclosed (partial sample released free, full dump for sale)
▸ Records: 300,000+ PII records and 200,000+ KYC documents (251 GB total)
▸ Country: Brazil
▸ Date: 11/05/2026
Compromised data:
KYC documents (over 200,000 total):
▪️ Utility bills
▪️ ID cards
▪️ Handheld ID photos (document held in hand by user)
▪️ Selfie verification photos
▪️ Other identity verification documents
▪️ Organized in per-user folders labelled address, identity, and selfie
PII records (over 300,000 total):
▪️ ID
▪️ Name (Nome)
▪️ Email
▪️ Account creation date (Criado em)
▪️ Country (País)
▪️ Phone 1 (Telefone1)
▪️ Phone 2 (Telefone2)
▪️ CPF (Brazilian taxpayer ID)
▪️ Inviter and Inviter Code
▪️ First name (Primeiro Nome)
▪️ Surname (Sobrenome)
▪️ Mother's name (Nome da Mãe)
▪️ Date of birth (Data de Nascimento)
▪️ Display name (Nome de Visualização)
▪️ Withdrawal balance (Saldo Saque)
▪️ Bonus balance (Saldo Bônus)
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
🔥1
🔪 Slice For Life - Part 2 🔪
‼️ Looks like Instructure made payment to ShinyHunters
I mean I get it. I have always been the type of person who thinks if its in your best interest to make a ransom payment that one should probably be made. There will always be doubt whether Shiny actually deleted that data or is keeping it as a trophy. Edit: Just my thoughts/opinion.
❤5
‼️ Nightmare-Eclipse has just released two new GitHub repositories... Same user behind RedSun, UnDefend, BlueHammer
YellowKey: Bitlocker Bypass Vulnerability
https://github.com/Nightmare-Eclipse/YellowKey
GreenPlasma: Windows CTFMON Arbitrary Section Creation Elevation of Privileges Vulnerability
https://github.com/Nightmare-Eclipse/GreenPlasma
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
YellowKey: Bitlocker Bypass Vulnerability
https://github.com/Nightmare-Eclipse/YellowKey
GreenPlasma: Windows CTFMON Arbitrary Section Creation Elevation of Privileges Vulnerability
https://github.com/Nightmare-Eclipse/GreenPlasma
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
🔥3
🔪 Slice For Life - Part 2 🔪
‼️ Nightmare-Eclipse has just released two new GitHub repositories... Same user behind RedSun, UnDefend, BlueHammer YellowKey: Bitlocker Bypass Vulnerability https://github.com/Nightmare-Eclipse/YellowKey GreenPlasma: Windows CTFMON Arbitrary Section Creation…
The two repos are currently empty, but looks like they will be added to very soon.
❤1
‼️🇦🇪 SIVVI allegedly breached exposing approximately 300,000 customer records from the Dubai-based fashion e-commerce platform
A threat actor claims to have breached SIVVI, a Dubai-based fashion e-commerce platform founded in 2014 by Rashid Alabbar and now owned by noon, delivering to customers across the United Arab Emirates, Saudi Arabia, and other Gulf states.
The actor states the dataset provides a detailed view of the organization's operations including user data, addresses, product catalog, orders, and order items, and is structured into interconnected sections suitable for data analysis and structural research.
Sample rows show UAE-based customer accounts including names, Emirati phone numbers, cities such as Dubai, Abu Dhabi, Sharjah, and Ajman, customer segmentation tiers (VIP, Returning, Occasional, Inactive), and lifetime spending values.
Post details:
▸ Actor(s): Databroker1
▸ Sector: Retail / Fashion E-Commerce
▸ Type: Data Breach / Data Sale
▸ Format: SQL/CSV (multi-table structured dataset)
▸ Price: Not disclosed (selling, escrow accepted)
▸ Records: ~300,000 UAE customers
▸ Country: United Arab Emirates
▸ Date: 11/05/2026
Compromised data:
Users Core Table:
▪️ user_id
▪️ email
▪️ phone_number
▪️ status (active/inactive)
▪️ created_at
▪️ last_login
▪️ account_type
Customer Profile:
▪️ user_id
▪️ full_name
▪️ gender
▪️ age_group
▪️ country
▪️ city
▪️ customer_segment (VIP, Returning, Occasional, Inactive)
▪️ lifetime_value
▪️ average_order_value (aov)
▪️ last_order_date
Behavior Tracking (Events):
▪️ event_id
▪️ user_id
▪️ event_type
▪️ product_id
▪️ event_value
▪️ timestamp
Segmentation Table:
▪️ user_id
▪️ segment
▪️ reason
▪️ updated_at
Engagement Metrics:
▪️ user_id
▪️ total_sessions
▪️ avg_session_time_minutes
▪️ cart_abandon_rate
▪️ email_open_rate
▪️ push_notification_opt_in
Loyalty Integration:
▪️ user_id
▪️ loyalty_points
▪️ tier
▪️ points_earned
▪️ points_redeemed
▪️ last_updated
Marketing Campaigns:
▪️ campaign_id
▪️ campaign_name
▪️ target_segment
▪️ channel
▪️ start_date
▪️ end_date
▪️ status
Campaign Results:
▪️ campaign_id
▪️ sent_users
▪️ open_rate
▪️ click_rate
▪️ conversion_rate
▪️ revenue_generated
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have breached SIVVI, a Dubai-based fashion e-commerce platform founded in 2014 by Rashid Alabbar and now owned by noon, delivering to customers across the United Arab Emirates, Saudi Arabia, and other Gulf states.
The actor states the dataset provides a detailed view of the organization's operations including user data, addresses, product catalog, orders, and order items, and is structured into interconnected sections suitable for data analysis and structural research.
Sample rows show UAE-based customer accounts including names, Emirati phone numbers, cities such as Dubai, Abu Dhabi, Sharjah, and Ajman, customer segmentation tiers (VIP, Returning, Occasional, Inactive), and lifetime spending values.
Post details:
▸ Actor(s): Databroker1
▸ Sector: Retail / Fashion E-Commerce
▸ Type: Data Breach / Data Sale
▸ Format: SQL/CSV (multi-table structured dataset)
▸ Price: Not disclosed (selling, escrow accepted)
▸ Records: ~300,000 UAE customers
▸ Country: United Arab Emirates
▸ Date: 11/05/2026
Compromised data:
Users Core Table:
▪️ user_id
▪️ email
▪️ phone_number
▪️ status (active/inactive)
▪️ created_at
▪️ last_login
▪️ account_type
Customer Profile:
▪️ user_id
▪️ full_name
▪️ gender
▪️ age_group
▪️ country
▪️ city
▪️ customer_segment (VIP, Returning, Occasional, Inactive)
▪️ lifetime_value
▪️ average_order_value (aov)
▪️ last_order_date
Behavior Tracking (Events):
▪️ event_id
▪️ user_id
▪️ event_type
▪️ product_id
▪️ event_value
▪️ timestamp
Segmentation Table:
▪️ user_id
▪️ segment
▪️ reason
▪️ updated_at
Engagement Metrics:
▪️ user_id
▪️ total_sessions
▪️ avg_session_time_minutes
▪️ cart_abandon_rate
▪️ email_open_rate
▪️ push_notification_opt_in
Loyalty Integration:
▪️ user_id
▪️ loyalty_points
▪️ tier
▪️ points_earned
▪️ points_redeemed
▪️ last_updated
Marketing Campaigns:
▪️ campaign_id
▪️ campaign_name
▪️ target_segment
▪️ channel
▪️ start_date
▪️ end_date
▪️ status
Campaign Results:
▪️ campaign_id
▪️ sent_users
▪️ open_rate
▪️ click_rate
▪️ conversion_rate
▪️ revenue_generated
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️🇮🇩 BPJS Ketenagakerjaan Kota Metro allegedly leaked exposing personal data of RT, RW, and LPM neighborhood officials in Karangrejo, North Metro, Indonesia
A threat actor claims to have leaked a dataset of BPJS Ketenagakerjaan (Indonesian Workers' Social Security Agency) participants for the Karangrejo sub-district under Kecamatan Metro Utara (North Metro District) in Kota Metro, Lampung, Indonesia.
The leaked records cover RT (Rukun Tetangga), RW (Rukun Warga), and LPM (Lembaga Pemberdayaan Masyarakat) neighborhood and community board officials. The dataset is published as a PDF containing identity records, government-issued identifiers, and contact details, with sample entries showing officials' full names, positions (Ketua RW and Ketua RT), birthplaces, and national identity numbers dating back to assignments under the local government portal of Pemerintah Kota Metro.
Post details:
▸ Actor(s): [Citizen] JAX7
▸ Sector: Government / Social Security / Local Administration
▸ Type: Data Leak
▸ Format: PDF
▸ Price: Free
▸ Records: Karangrejo sub-district RT, RW, and LPM officials
▸ Country: Indonesia
▸ Date: 11/05/2026
Compromised data:
▪️ Full name (Nama Lengkap)
▪️ Position (Jabatan, e.g., Ketua RW, Ketua RT)
▪️ Place of birth (Tempat Lahir)
▪️ Date of birth (Tgl. Lahir)
▪️ KTP number (Nomor KTP, Indonesian national identity card)
▪️ KK number (Nomor KK, family card number)
▪️ Phone number (No HP)
▪️ Email address
▪️ Sub-district and assignment area (Kecamatan, Kelurahan)
▪️ BPJS contact person details (Nama Kontak Person, No HP Kontak Person, Email)
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have leaked a dataset of BPJS Ketenagakerjaan (Indonesian Workers' Social Security Agency) participants for the Karangrejo sub-district under Kecamatan Metro Utara (North Metro District) in Kota Metro, Lampung, Indonesia.
The leaked records cover RT (Rukun Tetangga), RW (Rukun Warga), and LPM (Lembaga Pemberdayaan Masyarakat) neighborhood and community board officials. The dataset is published as a PDF containing identity records, government-issued identifiers, and contact details, with sample entries showing officials' full names, positions (Ketua RW and Ketua RT), birthplaces, and national identity numbers dating back to assignments under the local government portal of Pemerintah Kota Metro.
Post details:
▸ Actor(s): [Citizen] JAX7
▸ Sector: Government / Social Security / Local Administration
▸ Type: Data Leak
▸ Format: PDF
▸ Price: Free
▸ Records: Karangrejo sub-district RT, RW, and LPM officials
▸ Country: Indonesia
▸ Date: 11/05/2026
Compromised data:
▪️ Full name (Nama Lengkap)
▪️ Position (Jabatan, e.g., Ketua RW, Ketua RT)
▪️ Place of birth (Tempat Lahir)
▪️ Date of birth (Tgl. Lahir)
▪️ KTP number (Nomor KTP, Indonesian national identity card)
▪️ KK number (Nomor KK, family card number)
▪️ Phone number (No HP)
▪️ Email address
▪️ Sub-district and assignment area (Kecamatan, Kelurahan)
▪️ BPJS contact person details (Nama Kontak Person, No HP Kontak Person, Email)
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
🔪 Slice For Life - Part 2 🔪
Looks like the domain was indeed suspended by the registrar as of now. I will follow up if anything more comes of it. The Pay or Leak portal is still online.
ShinyHunters confirms their clearnet domain was suspended and it is no longer operated or owned by them anymore.
‼️ TeamPCP has open sourced Shai-Hulud
https://github.com/hmoreirar/Shai-Hulud-Open-Source
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
https://github.com/hmoreirar/Shai-Hulud-Open-Source
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
❤2