Over 800 alerts on the Threat Feed today & it will probably just keep growing.
With that being said im looking into additional notification features that reduce noise & possible alert fatigue for those who want to see everything. I will provide an update to this later this week
With that being said im looking into additional notification features that reduce noise & possible alert fatigue for those who want to see everything. I will provide an update to this later this week
❤2
‼️🇧🇷 MBet allegedly breached exposing 200,000+ KYC documents and 300,000+ PII records from the Brazilian online casino and sports betting platform
A threat actor claims that in May 2026, MBet (Apostas Esportivas / Casa de Apostas Online), a Brazilian online casino and sports betting operator, suffered a successful cyber intrusion resulting in the full compromise of its customer database including KYC and PII records.
The total dump is sized at 251 GB and includes more than 200,000 identity documents (bills, ID cards, handheld ID and selfie verifications) and over 300,000 PII records. The actor has released a partial leak containing 1 GB of KYC material and 5,000 PII records as a sample, with the remainder being held for sale.
Post details:
▸ Actor(s): zSenior (VIP)
▸ Sector: Online Gambling / Sports Betting
▸ Type: Data Breach / Partial Leak with Sale
▸ Format: CSV (PII) and image/PDF folders per user (KYC)
▸ Price: Not disclosed (partial sample released free, full dump for sale)
▸ Records: 300,000+ PII records and 200,000+ KYC documents (251 GB total)
▸ Country: Brazil
▸ Date: 11/05/2026
Compromised data:
KYC documents (over 200,000 total):
▪️ Utility bills
▪️ ID cards
▪️ Handheld ID photos (document held in hand by user)
▪️ Selfie verification photos
▪️ Other identity verification documents
▪️ Organized in per-user folders labelled address, identity, and selfie
PII records (over 300,000 total):
▪️ ID
▪️ Name (Nome)
▪️ Email
▪️ Account creation date (Criado em)
▪️ Country (País)
▪️ Phone 1 (Telefone1)
▪️ Phone 2 (Telefone2)
▪️ CPF (Brazilian taxpayer ID)
▪️ Inviter and Inviter Code
▪️ First name (Primeiro Nome)
▪️ Surname (Sobrenome)
▪️ Mother's name (Nome da Mãe)
▪️ Date of birth (Data de Nascimento)
▪️ Display name (Nome de Visualização)
▪️ Withdrawal balance (Saldo Saque)
▪️ Bonus balance (Saldo Bônus)
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims that in May 2026, MBet (Apostas Esportivas / Casa de Apostas Online), a Brazilian online casino and sports betting operator, suffered a successful cyber intrusion resulting in the full compromise of its customer database including KYC and PII records.
The total dump is sized at 251 GB and includes more than 200,000 identity documents (bills, ID cards, handheld ID and selfie verifications) and over 300,000 PII records. The actor has released a partial leak containing 1 GB of KYC material and 5,000 PII records as a sample, with the remainder being held for sale.
Post details:
▸ Actor(s): zSenior (VIP)
▸ Sector: Online Gambling / Sports Betting
▸ Type: Data Breach / Partial Leak with Sale
▸ Format: CSV (PII) and image/PDF folders per user (KYC)
▸ Price: Not disclosed (partial sample released free, full dump for sale)
▸ Records: 300,000+ PII records and 200,000+ KYC documents (251 GB total)
▸ Country: Brazil
▸ Date: 11/05/2026
Compromised data:
KYC documents (over 200,000 total):
▪️ Utility bills
▪️ ID cards
▪️ Handheld ID photos (document held in hand by user)
▪️ Selfie verification photos
▪️ Other identity verification documents
▪️ Organized in per-user folders labelled address, identity, and selfie
PII records (over 300,000 total):
▪️ ID
▪️ Name (Nome)
▪️ Email
▪️ Account creation date (Criado em)
▪️ Country (País)
▪️ Phone 1 (Telefone1)
▪️ Phone 2 (Telefone2)
▪️ CPF (Brazilian taxpayer ID)
▪️ Inviter and Inviter Code
▪️ First name (Primeiro Nome)
▪️ Surname (Sobrenome)
▪️ Mother's name (Nome da Mãe)
▪️ Date of birth (Data de Nascimento)
▪️ Display name (Nome de Visualização)
▪️ Withdrawal balance (Saldo Saque)
▪️ Bonus balance (Saldo Bônus)
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
🔥1
🔪 Slice For Life - Part 2 🔪
‼️ Looks like Instructure made payment to ShinyHunters
I mean I get it. I have always been the type of person who thinks if its in your best interest to make a ransom payment that one should probably be made. There will always be doubt whether Shiny actually deleted that data or is keeping it as a trophy. Edit: Just my thoughts/opinion.
❤5
‼️ Nightmare-Eclipse has just released two new GitHub repositories... Same user behind RedSun, UnDefend, BlueHammer
YellowKey: Bitlocker Bypass Vulnerability
https://github.com/Nightmare-Eclipse/YellowKey
GreenPlasma: Windows CTFMON Arbitrary Section Creation Elevation of Privileges Vulnerability
https://github.com/Nightmare-Eclipse/GreenPlasma
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
YellowKey: Bitlocker Bypass Vulnerability
https://github.com/Nightmare-Eclipse/YellowKey
GreenPlasma: Windows CTFMON Arbitrary Section Creation Elevation of Privileges Vulnerability
https://github.com/Nightmare-Eclipse/GreenPlasma
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
🔥3
🔪 Slice For Life - Part 2 🔪
‼️ Nightmare-Eclipse has just released two new GitHub repositories... Same user behind RedSun, UnDefend, BlueHammer YellowKey: Bitlocker Bypass Vulnerability https://github.com/Nightmare-Eclipse/YellowKey GreenPlasma: Windows CTFMON Arbitrary Section Creation…
The two repos are currently empty, but looks like they will be added to very soon.
❤1
‼️🇦🇪 SIVVI allegedly breached exposing approximately 300,000 customer records from the Dubai-based fashion e-commerce platform
A threat actor claims to have breached SIVVI, a Dubai-based fashion e-commerce platform founded in 2014 by Rashid Alabbar and now owned by noon, delivering to customers across the United Arab Emirates, Saudi Arabia, and other Gulf states.
The actor states the dataset provides a detailed view of the organization's operations including user data, addresses, product catalog, orders, and order items, and is structured into interconnected sections suitable for data analysis and structural research.
Sample rows show UAE-based customer accounts including names, Emirati phone numbers, cities such as Dubai, Abu Dhabi, Sharjah, and Ajman, customer segmentation tiers (VIP, Returning, Occasional, Inactive), and lifetime spending values.
Post details:
▸ Actor(s): Databroker1
▸ Sector: Retail / Fashion E-Commerce
▸ Type: Data Breach / Data Sale
▸ Format: SQL/CSV (multi-table structured dataset)
▸ Price: Not disclosed (selling, escrow accepted)
▸ Records: ~300,000 UAE customers
▸ Country: United Arab Emirates
▸ Date: 11/05/2026
Compromised data:
Users Core Table:
▪️ user_id
▪️ email
▪️ phone_number
▪️ status (active/inactive)
▪️ created_at
▪️ last_login
▪️ account_type
Customer Profile:
▪️ user_id
▪️ full_name
▪️ gender
▪️ age_group
▪️ country
▪️ city
▪️ customer_segment (VIP, Returning, Occasional, Inactive)
▪️ lifetime_value
▪️ average_order_value (aov)
▪️ last_order_date
Behavior Tracking (Events):
▪️ event_id
▪️ user_id
▪️ event_type
▪️ product_id
▪️ event_value
▪️ timestamp
Segmentation Table:
▪️ user_id
▪️ segment
▪️ reason
▪️ updated_at
Engagement Metrics:
▪️ user_id
▪️ total_sessions
▪️ avg_session_time_minutes
▪️ cart_abandon_rate
▪️ email_open_rate
▪️ push_notification_opt_in
Loyalty Integration:
▪️ user_id
▪️ loyalty_points
▪️ tier
▪️ points_earned
▪️ points_redeemed
▪️ last_updated
Marketing Campaigns:
▪️ campaign_id
▪️ campaign_name
▪️ target_segment
▪️ channel
▪️ start_date
▪️ end_date
▪️ status
Campaign Results:
▪️ campaign_id
▪️ sent_users
▪️ open_rate
▪️ click_rate
▪️ conversion_rate
▪️ revenue_generated
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have breached SIVVI, a Dubai-based fashion e-commerce platform founded in 2014 by Rashid Alabbar and now owned by noon, delivering to customers across the United Arab Emirates, Saudi Arabia, and other Gulf states.
The actor states the dataset provides a detailed view of the organization's operations including user data, addresses, product catalog, orders, and order items, and is structured into interconnected sections suitable for data analysis and structural research.
Sample rows show UAE-based customer accounts including names, Emirati phone numbers, cities such as Dubai, Abu Dhabi, Sharjah, and Ajman, customer segmentation tiers (VIP, Returning, Occasional, Inactive), and lifetime spending values.
Post details:
▸ Actor(s): Databroker1
▸ Sector: Retail / Fashion E-Commerce
▸ Type: Data Breach / Data Sale
▸ Format: SQL/CSV (multi-table structured dataset)
▸ Price: Not disclosed (selling, escrow accepted)
▸ Records: ~300,000 UAE customers
▸ Country: United Arab Emirates
▸ Date: 11/05/2026
Compromised data:
Users Core Table:
▪️ user_id
▪️ email
▪️ phone_number
▪️ status (active/inactive)
▪️ created_at
▪️ last_login
▪️ account_type
Customer Profile:
▪️ user_id
▪️ full_name
▪️ gender
▪️ age_group
▪️ country
▪️ city
▪️ customer_segment (VIP, Returning, Occasional, Inactive)
▪️ lifetime_value
▪️ average_order_value (aov)
▪️ last_order_date
Behavior Tracking (Events):
▪️ event_id
▪️ user_id
▪️ event_type
▪️ product_id
▪️ event_value
▪️ timestamp
Segmentation Table:
▪️ user_id
▪️ segment
▪️ reason
▪️ updated_at
Engagement Metrics:
▪️ user_id
▪️ total_sessions
▪️ avg_session_time_minutes
▪️ cart_abandon_rate
▪️ email_open_rate
▪️ push_notification_opt_in
Loyalty Integration:
▪️ user_id
▪️ loyalty_points
▪️ tier
▪️ points_earned
▪️ points_redeemed
▪️ last_updated
Marketing Campaigns:
▪️ campaign_id
▪️ campaign_name
▪️ target_segment
▪️ channel
▪️ start_date
▪️ end_date
▪️ status
Campaign Results:
▪️ campaign_id
▪️ sent_users
▪️ open_rate
▪️ click_rate
▪️ conversion_rate
▪️ revenue_generated
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️🇮🇩 BPJS Ketenagakerjaan Kota Metro allegedly leaked exposing personal data of RT, RW, and LPM neighborhood officials in Karangrejo, North Metro, Indonesia
A threat actor claims to have leaked a dataset of BPJS Ketenagakerjaan (Indonesian Workers' Social Security Agency) participants for the Karangrejo sub-district under Kecamatan Metro Utara (North Metro District) in Kota Metro, Lampung, Indonesia.
The leaked records cover RT (Rukun Tetangga), RW (Rukun Warga), and LPM (Lembaga Pemberdayaan Masyarakat) neighborhood and community board officials. The dataset is published as a PDF containing identity records, government-issued identifiers, and contact details, with sample entries showing officials' full names, positions (Ketua RW and Ketua RT), birthplaces, and national identity numbers dating back to assignments under the local government portal of Pemerintah Kota Metro.
Post details:
▸ Actor(s): [Citizen] JAX7
▸ Sector: Government / Social Security / Local Administration
▸ Type: Data Leak
▸ Format: PDF
▸ Price: Free
▸ Records: Karangrejo sub-district RT, RW, and LPM officials
▸ Country: Indonesia
▸ Date: 11/05/2026
Compromised data:
▪️ Full name (Nama Lengkap)
▪️ Position (Jabatan, e.g., Ketua RW, Ketua RT)
▪️ Place of birth (Tempat Lahir)
▪️ Date of birth (Tgl. Lahir)
▪️ KTP number (Nomor KTP, Indonesian national identity card)
▪️ KK number (Nomor KK, family card number)
▪️ Phone number (No HP)
▪️ Email address
▪️ Sub-district and assignment area (Kecamatan, Kelurahan)
▪️ BPJS contact person details (Nama Kontak Person, No HP Kontak Person, Email)
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have leaked a dataset of BPJS Ketenagakerjaan (Indonesian Workers' Social Security Agency) participants for the Karangrejo sub-district under Kecamatan Metro Utara (North Metro District) in Kota Metro, Lampung, Indonesia.
The leaked records cover RT (Rukun Tetangga), RW (Rukun Warga), and LPM (Lembaga Pemberdayaan Masyarakat) neighborhood and community board officials. The dataset is published as a PDF containing identity records, government-issued identifiers, and contact details, with sample entries showing officials' full names, positions (Ketua RW and Ketua RT), birthplaces, and national identity numbers dating back to assignments under the local government portal of Pemerintah Kota Metro.
Post details:
▸ Actor(s): [Citizen] JAX7
▸ Sector: Government / Social Security / Local Administration
▸ Type: Data Leak
▸ Format: PDF
▸ Price: Free
▸ Records: Karangrejo sub-district RT, RW, and LPM officials
▸ Country: Indonesia
▸ Date: 11/05/2026
Compromised data:
▪️ Full name (Nama Lengkap)
▪️ Position (Jabatan, e.g., Ketua RW, Ketua RT)
▪️ Place of birth (Tempat Lahir)
▪️ Date of birth (Tgl. Lahir)
▪️ KTP number (Nomor KTP, Indonesian national identity card)
▪️ KK number (Nomor KK, family card number)
▪️ Phone number (No HP)
▪️ Email address
▪️ Sub-district and assignment area (Kecamatan, Kelurahan)
▪️ BPJS contact person details (Nama Kontak Person, No HP Kontak Person, Email)
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
🔪 Slice For Life - Part 2 🔪
Looks like the domain was indeed suspended by the registrar as of now. I will follow up if anything more comes of it. The Pay or Leak portal is still online.
ShinyHunters confirms their clearnet domain was suspended and it is no longer operated or owned by them anymore.
‼️ TeamPCP has open sourced Shai-Hulud
https://github.com/hmoreirar/Shai-Hulud-Open-Source
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
https://github.com/hmoreirar/Shai-Hulud-Open-Source
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
❤2
‼️ New Dark Web Informer Blog Post!
Title: Public Authority for Civil Information Allegedly Breached Exposing 5.23 Million Kuwaiti Citizen Records From the Kuwaiti Government Identity Authority
Link: https://darkwebinformer.com/public-authority-for-civil-information-allegedly-breached-exposing-5-23-million-kuwaiti-citizen-records-from-the-kuwaiti-government-identity-authority/
Title: Public Authority for Civil Information Allegedly Breached Exposing 5.23 Million Kuwaiti Citizen Records From the Kuwaiti Government Identity Authority
Link: https://darkwebinformer.com/public-authority-for-civil-information-allegedly-breached-exposing-5-23-million-kuwaiti-citizen-records-from-the-kuwaiti-government-identity-authority/
Dark Web Informer
Public Authority for Civil Information Allegedly Breached Exposing 5.23 Million Kuwaiti Citizen Records From the Kuwaiti Government…
Breach Report · Kuwait
Public Authority for Civil Information Allegedly Breached Exposing 5.23 Million Kuwaiti Citizen Records From the Kuwaiti Government Identity Authority
A threat actor claims to have breached the Public Authority for Civil Information…
Public Authority for Civil Information Allegedly Breached Exposing 5.23 Million Kuwaiti Citizen Records From the Kuwaiti Government Identity Authority
A threat actor claims to have breached the Public Authority for Civil Information…
❤1🔥1
🔪 Slice For Life - Part 2 🔪
ShinyHunters confirms their clearnet domain was suspended and it is no longer operated or owned by them anymore.
Shiny updated shortly after I made the original post.
‼️ A threat actor is selling a private cloud-hosted collection of stealer logs totaling 988.7 GB across more than 10,080 files in URL:Login:Password format.
The data is hosted on an external domain and marketed as "exclusive."
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
The data is hosted on an external domain and marketed as "exclusive."
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
I'm *considering* making a wall of shame or hall of shame page, because why not.
❤1
‼️ New Dark Web Informer Blog Post!
Title: FutureShop Egypt Allegedly Breached Exposing Thousands of Customer, Order, and Delivery Records From the Egyptian Grocery Delivery Platform
Link: https://darkwebinformer.com/futureshop-egypt-allegedly-breached-exposing-thousands-of-customer-order-and-delivery-records-from-the-egyptian-grocery-delivery-platform/
Title: FutureShop Egypt Allegedly Breached Exposing Thousands of Customer, Order, and Delivery Records From the Egyptian Grocery Delivery Platform
Link: https://darkwebinformer.com/futureshop-egypt-allegedly-breached-exposing-thousands-of-customer-order-and-delivery-records-from-the-egyptian-grocery-delivery-platform/
Dark Web Informer
FutureShop Egypt Allegedly Breached Exposing Thousands of Customer, Order, and Delivery Records From the Egyptian Grocery Delivery…
A threat actor claims to have breached FutureShop Egypt, an Egyptian grocery delivery platform, by exploiting an entirely exposed API that required no authentication.
‼️🇺🇸 313 Team is claiming to target Spotify
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations