‼️🇮🇹 KRIA S.r.l. allegedly breached: 2.03 GB of speed and red-light enforcement data exposed from the Italian traffic monitoring technology vendor
A threat actor is selling a 2.03 GB dump allegedly exfiltrated from KRIA S.r.l., the Italian traffic enforcement technology company based in Seregno that manufactures the T-EXSPEED speed measurement system and T-REDSPEED red-light violation detection system used by Italian municipalities and traffic police.
The dump covers data from 2021 through 2026 and includes the full T-EXSPEED and T-REDSPEED software suite, complete MySQL databases of recorded violations, raw photos and videos from installations across Italian municipalities including Vicenza, Gemonio (VA), and Besozzo, along with device configurations, server credentials, and technical documentation. Sample evidence shows red-light violation records from Via San Vitale 3, Seregno, including timestamped vehicle plate captures and frame-by-frame imagery from system ID 441.
▸ Actor: prtsc
▸ Sector: Government Technology / Traffic Enforcement / Public Safety
▸ Type: Data Sale
▸ Format: Mixed (software binaries, MySQL dumps, photos, videos, configs)
▸ Records: 2.03 GB covering 2021 through 2026
▸ Price: 1,500 USDT
▸ Country: Italy
▸ Date: 12/05/2026
Compromised data:
▪️ T-EXSPEED software (original installer plus backups and install files)
▪️ T-REDSPEED software (original installer plus backups and install files)
▪️ Complete MySQL database covering events, violations, plates, statistics, whitelist, blacklist, and reports
▪️ Real speed and red-light violation records logged by deployed cameras
▪️ Original photos and videos from Italian installations, including Vicenza, Gemonio (VA), and other municipalities
▪️ Camera configurations, calibration files, and project settings
▪️ Device list and server credentials
▪️ Hardware information and inventory
▪️ Technical documents and internal reports
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor is selling a 2.03 GB dump allegedly exfiltrated from KRIA S.r.l., the Italian traffic enforcement technology company based in Seregno that manufactures the T-EXSPEED speed measurement system and T-REDSPEED red-light violation detection system used by Italian municipalities and traffic police.
The dump covers data from 2021 through 2026 and includes the full T-EXSPEED and T-REDSPEED software suite, complete MySQL databases of recorded violations, raw photos and videos from installations across Italian municipalities including Vicenza, Gemonio (VA), and Besozzo, along with device configurations, server credentials, and technical documentation. Sample evidence shows red-light violation records from Via San Vitale 3, Seregno, including timestamped vehicle plate captures and frame-by-frame imagery from system ID 441.
▸ Actor: prtsc
▸ Sector: Government Technology / Traffic Enforcement / Public Safety
▸ Type: Data Sale
▸ Format: Mixed (software binaries, MySQL dumps, photos, videos, configs)
▸ Records: 2.03 GB covering 2021 through 2026
▸ Price: 1,500 USDT
▸ Country: Italy
▸ Date: 12/05/2026
Compromised data:
▪️ T-EXSPEED software (original installer plus backups and install files)
▪️ T-REDSPEED software (original installer plus backups and install files)
▪️ Complete MySQL database covering events, violations, plates, statistics, whitelist, blacklist, and reports
▪️ Real speed and red-light violation records logged by deployed cameras
▪️ Original photos and videos from Italian installations, including Vicenza, Gemonio (VA), and other municipalities
▪️ Camera configurations, calibration files, and project settings
▪️ Device list and server credentials
▪️ Hardware information and inventory
▪️ Technical documents and internal reports
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️🇮🇶 Iraqi Ministry of Interior allegedly breached: 2025-2026 census data exposed from the Iraqi government civil registry and vehicle registration systems
A threat actor is selling Iraq's 2025-2026 census data, sourced from the Iraqi Ministry of Interior's Directorate of General Nationality and Central Information Office. The sample images show official Iraqi civil status identity cards, vehicle registration licences (with MRZ data), and family registry record cards, alongside structured digital records covering civil identity, vehicle registration, and family lineage data tied to specific governorates including Erbil, Sulaymaniyah (Kifri district), and Khabat.
▸ Actor: OxO (VIP)
▸ Sector: Government / Civil Registry / Vehicle Registration
▸ Type: Data Sale
▸ Records: 2025-2026 Iraqi census records
▸ Country: Iraq
▸ Date: 14/05/2026
Compromised data:
Civil Identity (Official Civil Status Identity, Iraq):
▪️ Full name (Arabic and English)
▪️ Alias
▪️ ID type and ID number
▪️ Citizenship status (e.g., "Displaced Iraqi")
▪️ Mobile phone number
▪️ Workplace (e.g., Ministry of Education)
▪️ Gender
▪️ Marital status
▪️ Birth date
▪️ Province (e.g., Erbil)
▪️ District (e.g., Khabat)
▪️ Vaccination centre (e.g., BAHRKA CAMP)
▪️ Emergency contact number
Vehicle Registration (Ministry of Interior, Iraq Licence):
▪️ Name in English and Arabic
▪️ Licence number
▪️ Issue date and expiry date
▪️ VIN code
▪️ National ID reference
▪️ Additional ID
▪️ Gender
Family Registry:
▪️ Family number
▪️ Province (e.g., Sulaymaniyah)
▪️ Location (e.g., maternity hospital, Kifri district)
▪️ Sub-district (e.g., Kifri)
▪️ Full names of family members
▪️ Dates of birth for each member spanning multiple generations (samples from 1945 through 1988)
▪️ Governorate of registration
Physical document samples:
▪️ Republic of Iraq Vehicle Registration Licence cards
▪️ Ministry of Interior civil identity cards with MRZ
▪️ Family member information record cards from the Directorate of General Nationality
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor is selling Iraq's 2025-2026 census data, sourced from the Iraqi Ministry of Interior's Directorate of General Nationality and Central Information Office. The sample images show official Iraqi civil status identity cards, vehicle registration licences (with MRZ data), and family registry record cards, alongside structured digital records covering civil identity, vehicle registration, and family lineage data tied to specific governorates including Erbil, Sulaymaniyah (Kifri district), and Khabat.
▸ Actor: OxO (VIP)
▸ Sector: Government / Civil Registry / Vehicle Registration
▸ Type: Data Sale
▸ Records: 2025-2026 Iraqi census records
▸ Country: Iraq
▸ Date: 14/05/2026
Compromised data:
Civil Identity (Official Civil Status Identity, Iraq):
▪️ Full name (Arabic and English)
▪️ Alias
▪️ ID type and ID number
▪️ Citizenship status (e.g., "Displaced Iraqi")
▪️ Mobile phone number
▪️ Workplace (e.g., Ministry of Education)
▪️ Gender
▪️ Marital status
▪️ Birth date
▪️ Province (e.g., Erbil)
▪️ District (e.g., Khabat)
▪️ Vaccination centre (e.g., BAHRKA CAMP)
▪️ Emergency contact number
Vehicle Registration (Ministry of Interior, Iraq Licence):
▪️ Name in English and Arabic
▪️ Licence number
▪️ Issue date and expiry date
▪️ VIN code
▪️ National ID reference
▪️ Additional ID
▪️ Gender
Family Registry:
▪️ Family number
▪️ Province (e.g., Sulaymaniyah)
▪️ Location (e.g., maternity hospital, Kifri district)
▪️ Sub-district (e.g., Kifri)
▪️ Full names of family members
▪️ Dates of birth for each member spanning multiple generations (samples from 1945 through 1988)
▪️ Governorate of registration
Physical document samples:
▪️ Republic of Iraq Vehicle Registration Licence cards
▪️ Ministry of Interior civil identity cards with MRZ
▪️ Family member information record cards from the Directorate of General Nationality
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️ New Dark Web Informer Blog Post!
Title: Xacria XNO Allegedly Breached: 446 Service Orders and Subscriber PII Exposed From the Italian Carrier-Grade Telecom Network Orchestration Platform Used by FASTWEB and SKY ITALIA
Link: https://darkwebinformer.com/xacria-xno-allegedly-breached-446-service-orders-and-subscriber-pii-exposed-from-the-italian-carrier-grade-telecom-network-orchestration-platform-used-by-fastweb-and-sky-italia-a-threat/
Title: Xacria XNO Allegedly Breached: 446 Service Orders and Subscriber PII Exposed From the Italian Carrier-Grade Telecom Network Orchestration Platform Used by FASTWEB and SKY ITALIA
Link: https://darkwebinformer.com/xacria-xno-allegedly-breached-446-service-orders-and-subscriber-pii-exposed-from-the-italian-carrier-grade-telecom-network-orchestration-platform-used-by-fastweb-and-sky-italia-a-threat/
Dark Web Informer
Xacria XNO Allegedly Breached: 446 Service Orders and Subscriber PII Exposed From the Italian Carrier-Grade Telecom Network Orchestration…
A threat actor claims to have breached Xacria XNO (Xacria Network Orchestrator), a carrier-grade, cloud-native network orchestration platform used by Tier 1, 2, and 3 telecommunications operators in Italy for zero-touch provisioning and automation of fiber…
Note: This claim has not been verified.
‼️Instagram private account viewing method allegedly sold by threat actor claiming "100% working bypass" of Instagram privacy controls
A threat actor is selling a method that allegedly allows the buyer to view posts and stories from private Instagram accounts and even react to them, claiming the technique works at 100% effectiveness.
The actor references the now-defunct Postegro Lili service and states that the existing market is full of scams, positioning their method as the only working one. The seller is intentionally limiting sales to 2 buyers to prevent the technique from being patched, with payment in cryptocurrency only and contact handled through Telegram.
▸ Actor: Darkode1 (MVP User)
▸ Sector: Social Media Abuse / OSINT Tools
▸ Type: Method Sale (Instagram privacy bypass)
▸ Price: $500 (crypto only)
▸ Records: Limited to 2 buyers
▸ Date: 14/05/2026
Method details:
▪️ Claims to allow viewing of posts and stories from private Instagram accounts
▪️ Claims to allow interaction including liking content from private accounts
▪️ Marketed as 100% working, in contrast to clones of the closed Postegro Lili service which the actor describes as scams
▪️ Sales artificially capped at 2 buyers to delay the method being patched by Instagram
Stop guessing what's redacted. Subscribers see everything → http://darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️Instagram private account viewing method allegedly sold by threat actor claiming "100% working bypass" of Instagram privacy controls
A threat actor is selling a method that allegedly allows the buyer to view posts and stories from private Instagram accounts and even react to them, claiming the technique works at 100% effectiveness.
The actor references the now-defunct Postegro Lili service and states that the existing market is full of scams, positioning their method as the only working one. The seller is intentionally limiting sales to 2 buyers to prevent the technique from being patched, with payment in cryptocurrency only and contact handled through Telegram.
▸ Actor: Darkode1 (MVP User)
▸ Sector: Social Media Abuse / OSINT Tools
▸ Type: Method Sale (Instagram privacy bypass)
▸ Price: $500 (crypto only)
▸ Records: Limited to 2 buyers
▸ Date: 14/05/2026
Method details:
▪️ Claims to allow viewing of posts and stories from private Instagram accounts
▪️ Claims to allow interaction including liking content from private accounts
▪️ Marketed as 100% working, in contrast to clones of the closed Postegro Lili service which the actor describes as scams
▪️ Sales artificially capped at 2 buyers to delay the method being patched by Instagram
Stop guessing what's redacted. Subscribers see everything → http://darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
😭2
‼️🇬🇹 Guatemalan Ministry of Finance allegedly breached: 130,000 RGAE registrations and 235,000 sensitive PDFs (324.5GB) exposed via IDOR and unauthenticated APIs
A threat actor claims to have compromised the Registro General de Adquisiciones del Estado (RGAE) system operated by the Guatemalan Ministry of Finance (Ministerio de Finanzas Públicas), the official state procurement registry.
The actor describes the breach as part of an ongoing "digital siege" against Guatemala, citing critical IDOR/BOLA vulnerabilities at /api/Solicitud/ObtenerSecciones and two open APIs without any security, including one connected to the Superintendencia de Administración Tributaria (SAT) at /api/sat/email.
The actor states that despite Cloudflare and a WAF being in place, the extraction was performed by simulating real traffic from ordinary web users to avoid alerting the system, allowing 130,000 registration records from 2020 to 2026 to be extracted, alongside 235,000 sensitive PDF documents totalling 324.5 GB.
A proof-of-concept 5,000-row CSV sample and a 200-PDF preview have been published.
▸ Actor: GordonFreeman (VIP), branded "LAT4MFUCK3RS"
▸ Sector: Government / Public Procurement / Finance
▸ Type: Data Breach (IDOR/BOLA, unauthenticated APIs)
▸ Records: 130,000 registrations + 235,000 PDFs (324.5 GB)
▸ Country: Guatemala
▸ Date: 14/05/2026
Compromised data:
Registration records (130,000 rows, 2020-2026):
▪️ ID
▪️ NIT (Guatemalan tax identification number)
▪️ CUI (Código Único de Identificación)
▪️ Nombre (full name)
▪️ Direccion (address)
▪️ Telefono (phone number)
▪️ Correo (email address)
▪️ Tipo_Org (organization type, Individual or Juridica)
PDF documents (235,000 files, 324.5 GB):
▪️ University degrees and diplomas
▪️ Ministry of Education teaching titles
▪️ SAT invoices (Facturas)
▪️ Negotiation minutes and articles of incorporation
▪️ Sports minutes (actas)
▪️ Simple agreements
▪️ Notarial acts (Protocolos with Diez Quetzales registry stamps)
▪️ Balance sheets
▪️ Bank certifications
▪️ Administrative contracts
▪️ Signed affidavits
▪️ Tax solvency certificates
▪️ Commercial patents
▪️ Scanned DPIs
▪️ Constitution of Sociedad Anónima documents
Vulnerability details:
▪️ IDOR/BOLA
▪️ Unauthenticated SAT API
▪️ Second unauthenticated API hosting all persons registered in RGAE
▪️ Cloudflare and WAF in place but bypassed via traffic simulation
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have compromised the Registro General de Adquisiciones del Estado (RGAE) system operated by the Guatemalan Ministry of Finance (Ministerio de Finanzas Públicas), the official state procurement registry.
The actor describes the breach as part of an ongoing "digital siege" against Guatemala, citing critical IDOR/BOLA vulnerabilities at /api/Solicitud/ObtenerSecciones and two open APIs without any security, including one connected to the Superintendencia de Administración Tributaria (SAT) at /api/sat/email.
The actor states that despite Cloudflare and a WAF being in place, the extraction was performed by simulating real traffic from ordinary web users to avoid alerting the system, allowing 130,000 registration records from 2020 to 2026 to be extracted, alongside 235,000 sensitive PDF documents totalling 324.5 GB.
A proof-of-concept 5,000-row CSV sample and a 200-PDF preview have been published.
▸ Actor: GordonFreeman (VIP), branded "LAT4MFUCK3RS"
▸ Sector: Government / Public Procurement / Finance
▸ Type: Data Breach (IDOR/BOLA, unauthenticated APIs)
▸ Records: 130,000 registrations + 235,000 PDFs (324.5 GB)
▸ Country: Guatemala
▸ Date: 14/05/2026
Compromised data:
Registration records (130,000 rows, 2020-2026):
▪️ ID
▪️ NIT (Guatemalan tax identification number)
▪️ CUI (Código Único de Identificación)
▪️ Nombre (full name)
▪️ Direccion (address)
▪️ Telefono (phone number)
▪️ Correo (email address)
▪️ Tipo_Org (organization type, Individual or Juridica)
PDF documents (235,000 files, 324.5 GB):
▪️ University degrees and diplomas
▪️ Ministry of Education teaching titles
▪️ SAT invoices (Facturas)
▪️ Negotiation minutes and articles of incorporation
▪️ Sports minutes (actas)
▪️ Simple agreements
▪️ Notarial acts (Protocolos with Diez Quetzales registry stamps)
▪️ Balance sheets
▪️ Bank certifications
▪️ Administrative contracts
▪️ Signed affidavits
▪️ Tax solvency certificates
▪️ Commercial patents
▪️ Scanned DPIs
▪️ Constitution of Sociedad Anónima documents
Vulnerability details:
▪️ IDOR/BOLA
▪️ Unauthenticated SAT API
▪️ Second unauthenticated API hosting all persons registered in RGAE
▪️ Cloudflare and WAF in place but bypassed via traffic simulation
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
❤1
‼️ New Dark Web Informer Blog Post!
Title: Burkina Faso Passport & ID Records Allegedly Leaked: 50K+ Scanned Identity Documents Exposed Online
Link: https://darkwebinformer.com/burkina-faso-passport-id-records-allegedly-leaked-50k-scanned-identity-documents-exposed-online/
Title: Burkina Faso Passport & ID Records Allegedly Leaked: 50K+ Scanned Identity Documents Exposed Online
Link: https://darkwebinformer.com/burkina-faso-passport-id-records-allegedly-leaked-50k-scanned-identity-documents-exposed-online/
Dark Web Informer
Burkina Faso Passport & ID Records Allegedly Leaked: 50K+ Scanned Identity Documents Exposed Online
A threat actor is advertising a massive collection of allegedly leaked Burkina Faso identity documents, claiming the archive contains more than 50,000 scanned passports and national ID cards in original PDF quality.
‼️🇫🇷 Collège de France allegedly breached: 1.6K records leaked from the historic French higher education and research institution
A threat actor claims to have leaked the database of collège-de-france.fr and scripta.college-de-france.fr, allegedly exposing internal staff and institutional records belonging to the prestigious French higher education and research institution. The actor states the archive contains JSON and PDF files related to the organization, including employee directory information and internal institutional data.
▸ Actor: ChimeraZ
▸ Sector: Education / Research
▸ Type: Data Leak
▸ Records: 1,600+ records
▸ Country: France
▸ Date: 14/05/2026
Compromised data:
▪️ Staff and institutional database records allegedly extracted from collège-de-france.fr and scripta.college-de-france.fr
▪️ Employee information including full names, corporate email addresses, office phone numbers, institute affiliations, and department assignments
▪️ Internal directory data containing building references, office locations, floor and room identifiers
▪️ Institute and research division references including physics, chemistry, and materials research departments
▪️ Profile photo references and internal file paths linked to staff directory systems
▪️ JSON and PDF archives allegedly containing institutional and employee-related records
The actor claims the leaked archive size is approximately 835 MB and distributed through multiple file-sharing platforms.
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have leaked the database of collège-de-france.fr and scripta.college-de-france.fr, allegedly exposing internal staff and institutional records belonging to the prestigious French higher education and research institution. The actor states the archive contains JSON and PDF files related to the organization, including employee directory information and internal institutional data.
▸ Actor: ChimeraZ
▸ Sector: Education / Research
▸ Type: Data Leak
▸ Records: 1,600+ records
▸ Country: France
▸ Date: 14/05/2026
Compromised data:
▪️ Staff and institutional database records allegedly extracted from collège-de-france.fr and scripta.college-de-france.fr
▪️ Employee information including full names, corporate email addresses, office phone numbers, institute affiliations, and department assignments
▪️ Internal directory data containing building references, office locations, floor and room identifiers
▪️ Institute and research division references including physics, chemistry, and materials research departments
▪️ Profile photo references and internal file paths linked to staff directory systems
▪️ JSON and PDF archives allegedly containing institutional and employee-related records
The actor claims the leaked archive size is approximately 835 MB and distributed through multiple file-sharing platforms.
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️🇫🇷 Union Professionnelle des Professeurs, Cadres et Techniciens du Secrétariat et de la Comptabilité (UP) allegedly breached: 11K records leaked from the French professional association platform
A threat actor claims to have leaked a dataset of Union Professionnelle des Professeurs, Cadres et Techniciens du Secrétariat et de la Comptabilité (union-prof-asso.fr), allegedly exposing internal records and downloadable document references associated with the French professional association representing professors, executives, and technical staff in administration and accounting sectors. The actor states the leaked archive is distributed in JSON format and contains thousands of document and download records.
▸ Actor: ChimeraZ
▸ Sector: Professional Association / Education
▸ Type: Data Leak
▸ Records: 11,000+ records
▸ Country: France
▸ Date: 14/05/2026
Compromised data:
▪️ Internal database records allegedly extracted from the UP professional association platform
▪️ JSON-formatted document management and download tracking data
▪️ Uploaded PDF document references related to conventions, administrative files, and union resources
▪️ User-related metadata including names, email addresses, timestamps, and institutional affiliations
▪️ References to French educational institutions, regional offices, and administrative branches
▪️ Download history and file management entries tied to internal portal activity
The actor claims the leaked archive size is approximately 8.6 MB.
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have leaked a dataset of Union Professionnelle des Professeurs, Cadres et Techniciens du Secrétariat et de la Comptabilité (union-prof-asso.fr), allegedly exposing internal records and downloadable document references associated with the French professional association representing professors, executives, and technical staff in administration and accounting sectors. The actor states the leaked archive is distributed in JSON format and contains thousands of document and download records.
▸ Actor: ChimeraZ
▸ Sector: Professional Association / Education
▸ Type: Data Leak
▸ Records: 11,000+ records
▸ Country: France
▸ Date: 14/05/2026
Compromised data:
▪️ Internal database records allegedly extracted from the UP professional association platform
▪️ JSON-formatted document management and download tracking data
▪️ Uploaded PDF document references related to conventions, administrative files, and union resources
▪️ User-related metadata including names, email addresses, timestamps, and institutional affiliations
▪️ References to French educational institutions, regional offices, and administrative branches
▪️ Download history and file management entries tied to internal portal activity
The actor claims the leaked archive size is approximately 8.6 MB.
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️🇧🇷 Nuvidio allegedly breached: 40K files including KYC records, biometrics, private keys, customer video calls, and cloud infrastructure data exposed
A threat actor claims to have breached Nuvidio, a Brazilian identity verification and biometric onboarding provider used by financial institutions and fintech companies for KYC, video verification, and fraud prevention services.
The actor alleges the dataset contains approximately 40,000 files totaling 6.3 GB, including identity documents, customer biometric recordings, production credentials, private keys, AWS infrastructure data, and internal monitoring systems.
▸ Actor: xpI0itrs
▸ Sector: Identity Verification / Fintech / Biometrics
▸ Type: Data Breach
▸ Records: 40,000+ files
▸ Country: Brazil
▸ Date: 14/05/2026
Compromised data:
▪️ Production credentials for major services including MongoDB, PostgreSQL, AWS IAM, Twilio, Redis, RabbitMQ, OpenSearch, and Microsoft Cognitive Services
▪️ 192 Brazilian citizen identity document records including RG and CNH scans with CPF-linked filenames, photographs, fingerprints, addresses, and birth dates
▪️ Approximately 3.1 GB of customer video call recordings involving KYC verification and financial onboarding sessions
▪️ Voice biometric and speaker diarization audio files allegedly linked to customer verification systems
▪️ SSL and mTLS private keys with references to Banco Pan internal API authentication infrastructure
▪️ Complete AWS infrastructure mapping data including Terraform state files, CloudFormation templates, CloudTrail logs, VPC flow logs, ECS cluster schedules, Lambda configurations, and environment variables
▪️ Grafana backups containing employee account information and encrypted CloudWatch credentials
▪️ User-uploaded customer chat files and identity verification attachments allegedly shared during onboarding sessions
▪️ Web application source code, frontend builds, and source maps allegedly usable for reverse engineering and exploitation
Affected organizations and referenced clients allegedly include Banco Pan, BMG Money, Bradesco, Banco Mercantil, Ailos, iCred, Pipe, Claro, C6 Bank, Caixa, Agibank, Equatorial, and others.
The actor is offering the dataset for sale at $12,000 and claims the exposed material spans records dated between 2021 and May 2025.
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have breached Nuvidio, a Brazilian identity verification and biometric onboarding provider used by financial institutions and fintech companies for KYC, video verification, and fraud prevention services.
The actor alleges the dataset contains approximately 40,000 files totaling 6.3 GB, including identity documents, customer biometric recordings, production credentials, private keys, AWS infrastructure data, and internal monitoring systems.
▸ Actor: xpI0itrs
▸ Sector: Identity Verification / Fintech / Biometrics
▸ Type: Data Breach
▸ Records: 40,000+ files
▸ Country: Brazil
▸ Date: 14/05/2026
Compromised data:
▪️ Production credentials for major services including MongoDB, PostgreSQL, AWS IAM, Twilio, Redis, RabbitMQ, OpenSearch, and Microsoft Cognitive Services
▪️ 192 Brazilian citizen identity document records including RG and CNH scans with CPF-linked filenames, photographs, fingerprints, addresses, and birth dates
▪️ Approximately 3.1 GB of customer video call recordings involving KYC verification and financial onboarding sessions
▪️ Voice biometric and speaker diarization audio files allegedly linked to customer verification systems
▪️ SSL and mTLS private keys with references to Banco Pan internal API authentication infrastructure
▪️ Complete AWS infrastructure mapping data including Terraform state files, CloudFormation templates, CloudTrail logs, VPC flow logs, ECS cluster schedules, Lambda configurations, and environment variables
▪️ Grafana backups containing employee account information and encrypted CloudWatch credentials
▪️ User-uploaded customer chat files and identity verification attachments allegedly shared during onboarding sessions
▪️ Web application source code, frontend builds, and source maps allegedly usable for reverse engineering and exploitation
Affected organizations and referenced clients allegedly include Banco Pan, BMG Money, Bradesco, Banco Mercantil, Ailos, iCred, Pipe, Claro, C6 Bank, Caixa, Agibank, Equatorial, and others.
The actor is offering the dataset for sale at $12,000 and claims the exposed material spans records dated between 2021 and May 2025.
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations