‼️ New Dark Web Informer Blog Post!
Title: Daily Dose of Dark Web Informer - May 14th, 2026
Link: https://darkwebinformer.com/daily-dose-of-dark-web-informer-may-14th-2026/
Title: Daily Dose of Dark Web Informer - May 14th, 2026
Link: https://darkwebinformer.com/daily-dose-of-dark-web-informer-may-14th-2026/
Dark Web Informer
Daily Dose of Dark Web Informer - May 14th, 2026
This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.
Chat, just a reminder to join the backup channel. Save yourself time looking for the new channel incase this one goes. https://t.me/SliceForLifeeee
Telegram
🔪 Slice For Life - Part 3 🔪
Main: t.me/SliceForLifeee
Website: darkwebinformer.com
Website Pricing (Includes Crypto): darkwebinformer.com/pricing
Socials: darkwebinformer.com/socials
API Access: https://darkwebinformer.com/api-details
Donate: darkwebinformer.com/donations
Website: darkwebinformer.com
Website Pricing (Includes Crypto): darkwebinformer.com/pricing
Socials: darkwebinformer.com/socials
API Access: https://darkwebinformer.com/api-details
Donate: darkwebinformer.com/donations
❤1
Cyberattack News Alert
━━━━━━━━━━━━━━━━━━━━━━━━━
Victim: 株式会社オリエンタルダイヤモンド
Domain:
Country: 🇯🇵 JP
Date: May 12th, 2026
Claimed by: Thegentlemen ransomware gang
Summary:
Oriental Diamond announced that on May 4, 2026, it fell victim to a ransomware cyberattack carried out by a third party, which resulted in the encryption of data on its internal servers and a risk of personal data leakage. The company immediately isolated its servers from the network, reported the incident to the police and the Personal Data Protection Commission, and launched an investigation as well as restoration work entrusted to external experts. It stated that it would henceforth strive to prevent any recurrence and restore trust by implementing measures such as suspending VPN usage and strengthening authentication procedures.
Source: https://www.orientaldiamond.jp/お知らせ
━━━━━━━━━━━━━━━━━━━━━━━━━
Victim: 株式会社オリエンタルダイヤモンド
Domain:
orientaldiamond.jpCountry: 🇯🇵 JP
Date: May 12th, 2026
Claimed by: Thegentlemen ransomware gang
Summary:
Oriental Diamond announced that on May 4, 2026, it fell victim to a ransomware cyberattack carried out by a third party, which resulted in the encryption of data on its internal servers and a risk of personal data leakage. The company immediately isolated its servers from the network, reported the incident to the police and the Personal Data Protection Commission, and launched an investigation as well as restoration work entrusted to external experts. It stated that it would henceforth strive to prevent any recurrence and restore trust by implementing measures such as suspending VPN usage and strengthening authentication procedures.
Source: https://www.orientaldiamond.jp/お知らせ
‼️🇺🇸 Eli Lilly allegedly breached: 1.2K internal repositories and 40GB of Veeva Vault documents exposed from drug development and clinical trial systems up for sale for $70K
A threat actor claims to have obtained internal codebases belonging to Eli Lilly and Company, the global pharmaceutical manufacturer. The actor alleges the exposed material includes repositories and documents tied to drug development, clinical trials, patient enrollment, medical devices, manufacturing systems, computational biology, and internal AI tooling.
▸ Actor: TeamPCP
▸ Sector: Pharmaceuticals / Biotechnology / Healthcare
▸ Type: Data Breach
▸ Records: 1,200+ repositories and 40GB of documents
▸ Country: United States
▸ Date: 14/05/2026
Compromised data:
▪️ Internal code repositories allegedly linked to Eli Lilly platforms and development environments
▪️ Drug research tools, clinical trial programs, and computational biology codebases
▪️ Internal AI agent projects and software development kit implementations
▪️ Medical device, manufacturing system, and clinical monitoring-related code
▪️ Patient enrollment and trial operations project files
▪️ Veeva Vault documents allegedly totaling approximately 40GB
▪️ DevOps and infrastructure-related project references across company systems
The actor claims the exposed material includes more than 80GB of compressed code across 1.2K+ repositories, along with documents allegedly stolen from the company’s Veeva Vault environment.
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have obtained internal codebases belonging to Eli Lilly and Company, the global pharmaceutical manufacturer. The actor alleges the exposed material includes repositories and documents tied to drug development, clinical trials, patient enrollment, medical devices, manufacturing systems, computational biology, and internal AI tooling.
▸ Actor: TeamPCP
▸ Sector: Pharmaceuticals / Biotechnology / Healthcare
▸ Type: Data Breach
▸ Records: 1,200+ repositories and 40GB of documents
▸ Country: United States
▸ Date: 14/05/2026
Compromised data:
▪️ Internal code repositories allegedly linked to Eli Lilly platforms and development environments
▪️ Drug research tools, clinical trial programs, and computational biology codebases
▪️ Internal AI agent projects and software development kit implementations
▪️ Medical device, manufacturing system, and clinical monitoring-related code
▪️ Patient enrollment and trial operations project files
▪️ Veeva Vault documents allegedly totaling approximately 40GB
▪️ DevOps and infrastructure-related project references across company systems
The actor claims the exposed material includes more than 80GB of compressed code across 1.2K+ repositories, along with documents allegedly stolen from the company’s Veeva Vault environment.
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️🇪🇸 CA Indosuez Wealth Management allegedly breached: 200K lines of account holder PII exposed from Spanish financial records
A threat actor claims to have leaked data linked to CA Indosuez Wealth Management, the global wealth management brand of Crédit Agricole. The actor alleges the exposed dataset contains approximately 200,000 lines of account holder personal information from Spain, shared in text format with sample records posted as proof.
▸ Actor: Tink3rTech
▸ Sector: Banking / Wealth Management / Financial Services
▸ Type: Data Leak
▸ Records: 200,000 lines
▸ Country: Spain
▸ Date: 14/05/2026
Compromised data:
▪️ Account holder personally identifiable information allegedly linked to a Spanish financial group
▪️ Customer contact records including phone numbers and email addresses
▪️ Personal profile data including names, gender, and dates of birth
▪️ Residential address information including cities, postal codes, and regions
▪️ Text-formatted customer records allegedly extracted from financial datasets
▪️ Sample entries shared publicly as proof of access
The actor claims the dataset contains approximately 200,000 lines of Spanish account holder PII and is being marketed through underground channels.
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have leaked data linked to CA Indosuez Wealth Management, the global wealth management brand of Crédit Agricole. The actor alleges the exposed dataset contains approximately 200,000 lines of account holder personal information from Spain, shared in text format with sample records posted as proof.
▸ Actor: Tink3rTech
▸ Sector: Banking / Wealth Management / Financial Services
▸ Type: Data Leak
▸ Records: 200,000 lines
▸ Country: Spain
▸ Date: 14/05/2026
Compromised data:
▪️ Account holder personally identifiable information allegedly linked to a Spanish financial group
▪️ Customer contact records including phone numbers and email addresses
▪️ Personal profile data including names, gender, and dates of birth
▪️ Residential address information including cities, postal codes, and regions
▪️ Text-formatted customer records allegedly extracted from financial datasets
▪️ Sample entries shared publicly as proof of access
The actor claims the dataset contains approximately 200,000 lines of Spanish account holder PII and is being marketed through underground channels.
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
❤1
‼️🇨🇦 Aviso Wealth allegedly breached: 261K customer records exposed from Canadian wealth management and financial services data
A threat actor claims to be selling data linked to Aviso Wealth, a Canadian wealth management and financial services company that provides services for banks, credit unions, and financial advisors. The actor alleges the exposed dataset contains customer contact and address records, with approximately 261,382 total lines.
▸ Actor: lowiqq
▸ Sector: Wealth Management / Financial Services
▸ Type: Data Leak
▸ Records: 261,382 lines
▸ Country: Canada
▸ Date: 01/05/2026
Compromised data:
▪️ Customer records allegedly linked to Aviso Wealth
▪️ Usernames or customer name fields
▪️ Residential address information
▪️ City and province data
▪️ Postal code records
▪️ Phone number fields tied to customer profiles
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to be selling data linked to Aviso Wealth, a Canadian wealth management and financial services company that provides services for banks, credit unions, and financial advisors. The actor alleges the exposed dataset contains customer contact and address records, with approximately 261,382 total lines.
▸ Actor: lowiqq
▸ Sector: Wealth Management / Financial Services
▸ Type: Data Leak
▸ Records: 261,382 lines
▸ Country: Canada
▸ Date: 01/05/2026
Compromised data:
▪️ Customer records allegedly linked to Aviso Wealth
▪️ Usernames or customer name fields
▪️ Residential address information
▪️ City and province data
▪️ Postal code records
▪️ Phone number fields tied to customer profiles
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️🇺🇸 Nike allegedly breached: 61.7M database lines exposed from payments and offers datasets
A threat actor claims to be selling a Nike database, allegedly exposing tens of millions of records across payments and offers datasets. The actor states the material includes JSON files containing payment-related records and promotional offer data, with sample links shared as proof.
▸ Actor: Saikaa
▸ Sector: Retail / E-commerce / Sportswear
▸ Type: Database Leak
▸ Records: 61,773,092 lines
▸ Country: United States
▸ Date: 15/05/2026
Compromised data:
▪️ Nike database records allegedly offered for sale on an underground forum
▪️ Payment-related dataset entries from a payments JSON file
▪️ Promotional offer records from an offers JSON file
▪️ Large-scale structured JSON datasets allegedly totaling more than 33 GB
▪️ Sample data references shared by the actor as proof of access
▪️ Contact details provided through private messaging channels
The actor claims the exposed files include approximately 1,934,290 payment records and 59,838,802 offer records, totaling more than 61.7M database lines.
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to be selling a Nike database, allegedly exposing tens of millions of records across payments and offers datasets. The actor states the material includes JSON files containing payment-related records and promotional offer data, with sample links shared as proof.
▸ Actor: Saikaa
▸ Sector: Retail / E-commerce / Sportswear
▸ Type: Database Leak
▸ Records: 61,773,092 lines
▸ Country: United States
▸ Date: 15/05/2026
Compromised data:
▪️ Nike database records allegedly offered for sale on an underground forum
▪️ Payment-related dataset entries from a payments JSON file
▪️ Promotional offer records from an offers JSON file
▪️ Large-scale structured JSON datasets allegedly totaling more than 33 GB
▪️ Sample data references shared by the actor as proof of access
▪️ Contact details provided through private messaging channels
The actor claims the exposed files include approximately 1,934,290 payment records and 59,838,802 offer records, totaling more than 61.7M database lines.
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️🇦🇷 Banco Central de la República Argentina, IOMA, and GDEBA allegedly breached: credit scoring, affiliate records, and government PDF documents exposed
A threat actor claims to have leaked data tied to Banco Central de la República Argentina (BCRA), Instituto de Obra Médico Asistencial de la Provincia de Buenos Aires (IOMA), and Gobierno de la Provincia de Buenos Aires (GDEBA). The actor alleges the exposed material includes credit scoring data, IOMA affiliate and patient records, address and identity-related fields, and hundreds of government PDF documents.
▸ Actor: Skull1172
▸ Sector: Government / Healthcare / Financial Records
▸ Type: Database Leak
▸ Records: 32M+ BCRA records, 1M+ IOMA records, and 903+ PDFs
▸ Country: Argentina
▸ Date: 15/05/2026
Compromised data:
▪️ BCRA-related credit scoring and financial screening records allegedly totaling more than 32M entries
▪️ IOMA affiliate and patient records allegedly including identity, membership, contact, and health-plan related data
▪️ GDEBA government document archives containing hundreds of PDF files
▪️ Personal identifiers and tax-related fields allegedly including DNI and CUIT-type records
▪️ Address, phone, email, birth date, and membership status fields linked to exposed sample records
▪️ Administrative portal screenshots and document archive previews shared as proof of access
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have leaked data tied to Banco Central de la República Argentina (BCRA), Instituto de Obra Médico Asistencial de la Provincia de Buenos Aires (IOMA), and Gobierno de la Provincia de Buenos Aires (GDEBA). The actor alleges the exposed material includes credit scoring data, IOMA affiliate and patient records, address and identity-related fields, and hundreds of government PDF documents.
▸ Actor: Skull1172
▸ Sector: Government / Healthcare / Financial Records
▸ Type: Database Leak
▸ Records: 32M+ BCRA records, 1M+ IOMA records, and 903+ PDFs
▸ Country: Argentina
▸ Date: 15/05/2026
Compromised data:
▪️ BCRA-related credit scoring and financial screening records allegedly totaling more than 32M entries
▪️ IOMA affiliate and patient records allegedly including identity, membership, contact, and health-plan related data
▪️ GDEBA government document archives containing hundreds of PDF files
▪️ Personal identifiers and tax-related fields allegedly including DNI and CUIT-type records
▪️ Address, phone, email, birth date, and membership status fields linked to exposed sample records
▪️ Administrative portal screenshots and document archive previews shared as proof of access
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️🇿🇦 Ephraim Mogale Local Municipality allegedly breached: government website data and municipal documents exposed in South Africa
A threat actor claims to have breached Ephraim Mogale Local Municipality, a South African local government authority. The actor alleges the exposed material includes municipal website data, public-sector documents, scanned records, and administrative files tied to local government operations.
▸ Actor: ki4tane
▸ Sector: Government / Local Municipality
▸ Type: Data Breach
▸ Records: Unknown
▸ Country: South Africa
▸ Date: 15/05/2026
Compromised data:
▪️ Municipal website data allegedly extracted from Ephraim Mogale Local Municipality systems
▪️ Local government documents and administrative records
▪️ Scanned municipal correspondence and public hearing-related documents
▪️ Internal document images showing stamps, signatures, and official references
▪️ Website and portal references linked to municipal services
▪️ Sample screenshots shared by the actor as proof of access
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have breached Ephraim Mogale Local Municipality, a South African local government authority. The actor alleges the exposed material includes municipal website data, public-sector documents, scanned records, and administrative files tied to local government operations.
▸ Actor: ki4tane
▸ Sector: Government / Local Municipality
▸ Type: Data Breach
▸ Records: Unknown
▸ Country: South Africa
▸ Date: 15/05/2026
Compromised data:
▪️ Municipal website data allegedly extracted from Ephraim Mogale Local Municipality systems
▪️ Local government documents and administrative records
▪️ Scanned municipal correspondence and public hearing-related documents
▪️ Internal document images showing stamps, signatures, and official references
▪️ Website and portal references linked to municipal services
▪️ Sample screenshots shared by the actor as proof of access
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations