‼️🇦🇷 Banco Central de la República Argentina, IOMA, and GDEBA allegedly breached: credit scoring, affiliate records, and government PDF documents exposed
A threat actor claims to have leaked data tied to Banco Central de la República Argentina (BCRA), Instituto de Obra Médico Asistencial de la Provincia de Buenos Aires (IOMA), and Gobierno de la Provincia de Buenos Aires (GDEBA). The actor alleges the exposed material includes credit scoring data, IOMA affiliate and patient records, address and identity-related fields, and hundreds of government PDF documents.
▸ Actor: Skull1172
▸ Sector: Government / Healthcare / Financial Records
▸ Type: Database Leak
▸ Records: 32M+ BCRA records, 1M+ IOMA records, and 903+ PDFs
▸ Country: Argentina
▸ Date: 15/05/2026
Compromised data:
▪️ BCRA-related credit scoring and financial screening records allegedly totaling more than 32M entries
▪️ IOMA affiliate and patient records allegedly including identity, membership, contact, and health-plan related data
▪️ GDEBA government document archives containing hundreds of PDF files
▪️ Personal identifiers and tax-related fields allegedly including DNI and CUIT-type records
▪️ Address, phone, email, birth date, and membership status fields linked to exposed sample records
▪️ Administrative portal screenshots and document archive previews shared as proof of access
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have leaked data tied to Banco Central de la República Argentina (BCRA), Instituto de Obra Médico Asistencial de la Provincia de Buenos Aires (IOMA), and Gobierno de la Provincia de Buenos Aires (GDEBA). The actor alleges the exposed material includes credit scoring data, IOMA affiliate and patient records, address and identity-related fields, and hundreds of government PDF documents.
▸ Actor: Skull1172
▸ Sector: Government / Healthcare / Financial Records
▸ Type: Database Leak
▸ Records: 32M+ BCRA records, 1M+ IOMA records, and 903+ PDFs
▸ Country: Argentina
▸ Date: 15/05/2026
Compromised data:
▪️ BCRA-related credit scoring and financial screening records allegedly totaling more than 32M entries
▪️ IOMA affiliate and patient records allegedly including identity, membership, contact, and health-plan related data
▪️ GDEBA government document archives containing hundreds of PDF files
▪️ Personal identifiers and tax-related fields allegedly including DNI and CUIT-type records
▪️ Address, phone, email, birth date, and membership status fields linked to exposed sample records
▪️ Administrative portal screenshots and document archive previews shared as proof of access
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️🇿🇦 Ephraim Mogale Local Municipality allegedly breached: government website data and municipal documents exposed in South Africa
A threat actor claims to have breached Ephraim Mogale Local Municipality, a South African local government authority. The actor alleges the exposed material includes municipal website data, public-sector documents, scanned records, and administrative files tied to local government operations.
▸ Actor: ki4tane
▸ Sector: Government / Local Municipality
▸ Type: Data Breach
▸ Records: Unknown
▸ Country: South Africa
▸ Date: 15/05/2026
Compromised data:
▪️ Municipal website data allegedly extracted from Ephraim Mogale Local Municipality systems
▪️ Local government documents and administrative records
▪️ Scanned municipal correspondence and public hearing-related documents
▪️ Internal document images showing stamps, signatures, and official references
▪️ Website and portal references linked to municipal services
▪️ Sample screenshots shared by the actor as proof of access
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have breached Ephraim Mogale Local Municipality, a South African local government authority. The actor alleges the exposed material includes municipal website data, public-sector documents, scanned records, and administrative files tied to local government operations.
▸ Actor: ki4tane
▸ Sector: Government / Local Municipality
▸ Type: Data Breach
▸ Records: Unknown
▸ Country: South Africa
▸ Date: 15/05/2026
Compromised data:
▪️ Municipal website data allegedly extracted from Ephraim Mogale Local Municipality systems
▪️ Local government documents and administrative records
▪️ Scanned municipal correspondence and public hearing-related documents
▪️ Internal document images showing stamps, signatures, and official references
▪️ Website and portal references linked to municipal services
▪️ Sample screenshots shared by the actor as proof of access
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️An admin on a well-known cybercriminal forum announces CIS data restriction: Russia and multiple CIS-related countries prohibited from breach and document posts
A forum administrator announced a new policy prohibiting activity involving Russia and several CIS-related countries, stating that data breach posts or document leaks targeting the listed countries will no longer be permitted. The administrator warned that violating threads may be deleted and repeat violations may result in bans.
▸ Actor: "John"
▸ Sector: Cybercrime Forum / Policy Announcement
▸ Type: Forum Statement
▸ Records: Not applicable
▸ Country: Russia / CIS Region
▸ Date: 15/05/2026
Affected scope:
▪️ Russia-related breach and document posts prohibited
▪️ Ukraine-related breach and document posts prohibited
▪️ Belarus, Kazakhstan, Azerbaijan, Armenia, Kyrgyzstan, Tajikistan, Uzbekistan, Turkmenistan, Moldova, and Georgia included in the restriction
▪️ Forum users warned that violating threads may be deleted
▪️ Repeat violations may result in account bans
▪️ Policy framed as applying to all activity concerning the listed countries
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A forum administrator announced a new policy prohibiting activity involving Russia and several CIS-related countries, stating that data breach posts or document leaks targeting the listed countries will no longer be permitted. The administrator warned that violating threads may be deleted and repeat violations may result in bans.
▸ Actor: "John"
▸ Sector: Cybercrime Forum / Policy Announcement
▸ Type: Forum Statement
▸ Records: Not applicable
▸ Country: Russia / CIS Region
▸ Date: 15/05/2026
Affected scope:
▪️ Russia-related breach and document posts prohibited
▪️ Ukraine-related breach and document posts prohibited
▪️ Belarus, Kazakhstan, Azerbaijan, Armenia, Kyrgyzstan, Tajikistan, Uzbekistan, Turkmenistan, Moldova, and Georgia included in the restriction
▪️ Forum users warned that violating threads may be deleted
▪️ Repeat violations may result in account bans
▪️ Policy framed as applying to all activity concerning the listed countries
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️ The FBI has provided a new Public Service Announcement regarding the ShinyHunters cybercriminal group and their recent attack affecting an online Learning Management System (LMS).
https://www.ic3.gov/PSA/2026/PSA260515
The FBI is providing recommendations on what to do if you are contacted directly by anyone claiming to have your data.
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
https://www.ic3.gov/PSA/2026/PSA260515
The FBI is providing recommendations on what to do if you are contacted directly by anyone claiming to have your data.
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
❤1
‼️ New Dark Web Informer Blog Post!
Title: Ícaro Cloud Allegedly Breached: Firewall Configs, VPN Keys, TLS Certificates, and Internal Network Data Exposed Across 20 Spanish Corporate Networks
Link: https://darkwebinformer.com/icaro-cloud-allegedly-breached-firewall-configs-vpn-keys-tls-certificates-and-internal-network-data-exposed-across-20-spanish-corporate-networks/
Title: Ícaro Cloud Allegedly Breached: Firewall Configs, VPN Keys, TLS Certificates, and Internal Network Data Exposed Across 20 Spanish Corporate Networks
Link: https://darkwebinformer.com/icaro-cloud-allegedly-breached-firewall-configs-vpn-keys-tls-certificates-and-internal-network-data-exposed-across-20-spanish-corporate-networks/
Dark Web Informer
Ícaro Cloud Allegedly Breached: Firewall Configs, VPN Keys, TLS Certificates, and Internal Network Data Exposed Across 20 Spanish…
A threat actor claims to have breached Ícaro Cloud S.L., an Alicante-based managed service provider in Spain, allegedly exposing sensitive configuration data across 20 client networks.
‼️ New Dark Web Informer Blog Post!
Title: Auchan Allegedly Breached: 1.29M Customer Database Entries Exposed from French Retail Records
Link: https://darkwebinformer.com/auchan-allegedly-breached-1-29m-customer-database-entries-exposed-from-french-retail-records/
Title: Auchan Allegedly Breached: 1.29M Customer Database Entries Exposed from French Retail Records
Link: https://darkwebinformer.com/auchan-allegedly-breached-1-29m-customer-database-entries-exposed-from-french-retail-records/
Dark Web Informer
Auchan Allegedly Breached: 1.29M Customer Database Entries Exposed from French Retail Records
A threat actor claims to be selling a fresh database dump linked to Auchan, the French multinational retail group.
‼️ New Dark Web Informer Blog Post!
Title: Stych Allegedly Breached: 1.34M Customer Database Entries Exposed from French Mobility Service Records
Link: https://darkwebinformer.com/stych-allegedly-breached-1-34m-customer-database-entries-exposed-from-french-mobility-service-records/
Title: Stych Allegedly Breached: 1.34M Customer Database Entries Exposed from French Mobility Service Records
Link: https://darkwebinformer.com/stych-allegedly-breached-1-34m-customer-database-entries-exposed-from-french-mobility-service-records/
Dark Web Informer
Stych Allegedly Breached: 1.34M Customer Database Entries Exposed from French Mobility Service Records
A threat actor claims to be selling a fresh database dump linked to Stych, a French driving school and mobility training platform.
‼️🇮🇱 Aran Group allegedly breached: internal IT infrastructure and operational data exposed from bag-in-box packaging systems
A threat actor claims to have breached Aran Group, an Israeli industrial liquid packaging company specializing in bag-in-box (BIB) and aseptic packaging solutions for food and beverage markets. The actor alleges the incident affected IT infrastructure across multiple regions and included internal access, operational records, and supporting attachments shared as proof.
▸ Actor: MDGhost
▸ Sector: Industrial Packaging / Manufacturing
▸ Type: Data Breach
▸ Records: Unknown
▸ Country: Israel
▸ Date: 15/05/2026
Compromised data:
▪️ Internal IT infrastructure allegedly linked to Aran Group operations
▪️ Operational data connected to industrial packaging environments
▪️ Access-related materials and internal system references
▪️ Regional infrastructure allegedly spanning Israel, the United States, Germany, and Spain
▪️ Attachments shared by the actor as proof of access
▪️ Company and business operations data tied to bag-in-box packaging services
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have breached Aran Group, an Israeli industrial liquid packaging company specializing in bag-in-box (BIB) and aseptic packaging solutions for food and beverage markets. The actor alleges the incident affected IT infrastructure across multiple regions and included internal access, operational records, and supporting attachments shared as proof.
▸ Actor: MDGhost
▸ Sector: Industrial Packaging / Manufacturing
▸ Type: Data Breach
▸ Records: Unknown
▸ Country: Israel
▸ Date: 15/05/2026
Compromised data:
▪️ Internal IT infrastructure allegedly linked to Aran Group operations
▪️ Operational data connected to industrial packaging environments
▪️ Access-related materials and internal system references
▪️ Regional infrastructure allegedly spanning Israel, the United States, Germany, and Spain
▪️ Attachments shared by the actor as proof of access
▪️ Company and business operations data tied to bag-in-box packaging services
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️🇮🇩 @Sorbinfo Perumda Tirta Musi Palembang allegedly breached: 437K customer records and 257K phone numbers exposed from Indonesian water utility data
A threat actor claims to be selling data linked to Perumda Tirta Musi Palembang, the city-owned water utility provider serving customers in Palembang, Indonesia. The actor alleges the exposed dataset contains more than 437,000 customer records and 257,000 phone numbers, including names, addresses, telephone numbers, tariff codes, and other service-related fields.
▸ Actor: Sorb
▸ Sector: Water Utility / Public Services
▸ Type: Database Leak
▸ Records: 437,000+ customer records and 257,000 phone numbers
▸ Country: Indonesia
▸ Date: 13/05/2026
Compromised data:
▪️ Customer database records allegedly linked to Perumda Tirta Musi Palembang
▪️ Customer names and account-related identifiers
▪️ Residential address information
▪️ Telephone and contact number fields
▪️ Tariff code and service classification data
▪️ Additional utility service records tied to water customer accounts
The dataset is described as containing customer information from the Palembang municipal water utility and is being offered for sale on an underground forum.
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to be selling data linked to Perumda Tirta Musi Palembang, the city-owned water utility provider serving customers in Palembang, Indonesia. The actor alleges the exposed dataset contains more than 437,000 customer records and 257,000 phone numbers, including names, addresses, telephone numbers, tariff codes, and other service-related fields.
▸ Actor: Sorb
▸ Sector: Water Utility / Public Services
▸ Type: Database Leak
▸ Records: 437,000+ customer records and 257,000 phone numbers
▸ Country: Indonesia
▸ Date: 13/05/2026
Compromised data:
▪️ Customer database records allegedly linked to Perumda Tirta Musi Palembang
▪️ Customer names and account-related identifiers
▪️ Residential address information
▪️ Telephone and contact number fields
▪️ Tariff code and service classification data
▪️ Additional utility service records tied to water customer accounts
The dataset is described as containing customer information from the Palembang municipal water utility and is being offered for sale on an underground forum.
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️🇸🇦 Wateen allegedly breached: 180K blood donor records exposed from Saudi Arabia blood donation app database
A threat actor claims to have leaked a database linked to Wateen, the official blood donation mobile application in Saudi Arabia launched in collaboration with the Ministry of Health. The actor alleges the exposed dataset contains 180,438 blood donor records, including donor identity, donation, blood type, and contact-related fields.
▸ Actor: lulzintel
▸ Sector: Healthcare / Blood Donation / Mobile App
▸ Type: Database Leak
▸ Records: 180,438 donor records
▸ Country: Saudi Arabia
▸ Date: 15/05/2026
Compromised data:
▪️ Blood donor records allegedly linked to the Wateen mobile application
▪️ Donor names and identity-related fields
▪️ Blood group and blood type information
▪️ Gender and donation date records
▪️ Donation type and donation status fields
▪️ Mobile number and donor ID-related fields
▪️ Blood bank and blood bag number references
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have leaked a database linked to Wateen, the official blood donation mobile application in Saudi Arabia launched in collaboration with the Ministry of Health. The actor alleges the exposed dataset contains 180,438 blood donor records, including donor identity, donation, blood type, and contact-related fields.
▸ Actor: lulzintel
▸ Sector: Healthcare / Blood Donation / Mobile App
▸ Type: Database Leak
▸ Records: 180,438 donor records
▸ Country: Saudi Arabia
▸ Date: 15/05/2026
Compromised data:
▪️ Blood donor records allegedly linked to the Wateen mobile application
▪️ Donor names and identity-related fields
▪️ Blood group and blood type information
▪️ Gender and donation date records
▪️ Donation type and donation status fields
▪️ Mobile number and donor ID-related fields
▪️ Blood bank and blood bag number references
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A company that has an API subscription requested a specific forum to be scraped that is Tor only. I'm testing that functionality now with another forum. Assuming everything works properly I will be onboarding Tor only forums starting next week. Thought I would share.
❤1🔥1