โผ๏ธTeamPCP announces forum co-ownership: platform operations, partnerships, moderation, and resource quality responsibilities outlined
TeamPCP announced its new role as co-owners of the Breached forum platform, stating the team will help manage staffing, partnerships, community decisions, moderation, escrow services, and premium resource access. The post frames the role as focused on platform reliability, community growth, verified content, and maintaining forum standards.
โธ Actor: TeamPCP
โธ Sector: Cybercrime Forum / Community Operations
โธ Type: Forum Announcement
โธ Date: 15/05/2026
Key points:
โช๏ธ TeamPCP announced a co-ownership role within the Breached forum platform
โช๏ธ Responsibilities include infrastructure uptime, staff management, moderation, and dispute handling
โช๏ธ Community growth plans include onboarding partners and expanding access to premium resources
โช๏ธ Resource quality efforts include verifying shared databases and tools
โช๏ธ Low-quality, fake, or malicious content is described as subject to removal
โช๏ธ Members who provide verified material may be rewarded by the platform
Stop guessing what's redacted. Subscribers see everything โ darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
TeamPCP announced its new role as co-owners of the Breached forum platform, stating the team will help manage staffing, partnerships, community decisions, moderation, escrow services, and premium resource access. The post frames the role as focused on platform reliability, community growth, verified content, and maintaining forum standards.
โธ Actor: TeamPCP
โธ Sector: Cybercrime Forum / Community Operations
โธ Type: Forum Announcement
โธ Date: 15/05/2026
Key points:
โช๏ธ TeamPCP announced a co-ownership role within the Breached forum platform
โช๏ธ Responsibilities include infrastructure uptime, staff management, moderation, and dispute handling
โช๏ธ Community growth plans include onboarding partners and expanding access to premium resources
โช๏ธ Resource quality efforts include verifying shared databases and tools
โช๏ธ Low-quality, fake, or malicious content is described as subject to removal
โช๏ธ Members who provide verified material may be rewarded by the platform
Stop guessing what's redacted. Subscribers see everything โ darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
On Monday, at some point, I will be increasing the rate limit to the API and the accounts who currently have the default limit.
This only applies to the daily request limit. I will update on Monday as to the new request count.
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
This only applies to the daily request limit. I will update on Monday as to the new request count.
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
Telegram
๐ช Slice For Life - Part 2 ๐ช
Backup: t.me/SliceForLifeeee
Website: darkwebinformer.com
Website Pricing (Includes Crypto): darkwebinformer.com/pricing
Socials: darkwebinformer.com/socials
API Access: https://darkwebinformer.com/api-details
Donate: darkwebinformer.com/donations
Website: darkwebinformer.com
Website Pricing (Includes Crypto): darkwebinformer.com/pricing
Socials: darkwebinformer.com/socials
API Access: https://darkwebinformer.com/api-details
Donate: darkwebinformer.com/donations
โผ๏ธ๐ฒ๐ฝ Acapulco City Government allegedly breached: 97K+ license records exposed from municipal permit data
A threat actor claims to have leaked license records linked to the Acapulco City Government in Mexico. The actor alleges the exposed dataset contains more than 97,000 license records totaling approximately 28GB, including CURP identifiers, photographs, fingerprints, and additional municipal licensing data.
โธ Actor: homie157
โธ Sector: Government / Municipal Services
โธ Type: Database Leak
โธ Records: 97,000+ license records
โธ Country: Mexico
โธ Date: 15/05/2026
Compromised data:
โช๏ธ Municipal license records allegedly linked to Acapulco City Government systems
โช๏ธ CURP-related identity fields
โช๏ธ Photograph records tied to license entries
โช๏ธ Fingerprint image or biometric-related data
โช๏ธ Additional license holder information
โช๏ธ High-volume archive allegedly containing recent and high-quality Acapulco licensing records
Stop guessing what's redacted. Subscribers see everything โ darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have leaked license records linked to the Acapulco City Government in Mexico. The actor alleges the exposed dataset contains more than 97,000 license records totaling approximately 28GB, including CURP identifiers, photographs, fingerprints, and additional municipal licensing data.
โธ Actor: homie157
โธ Sector: Government / Municipal Services
โธ Type: Database Leak
โธ Records: 97,000+ license records
โธ Country: Mexico
โธ Date: 15/05/2026
Compromised data:
โช๏ธ Municipal license records allegedly linked to Acapulco City Government systems
โช๏ธ CURP-related identity fields
โช๏ธ Photograph records tied to license entries
โช๏ธ Fingerprint image or biometric-related data
โช๏ธ Additional license holder information
โช๏ธ High-volume archive allegedly containing recent and high-quality Acapulco licensing records
Stop guessing what's redacted. Subscribers see everything โ darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
โผ๏ธ๐บ๐ธ Stansberry Research allegedly breached: 1.17M customer records exposed from investment research subscriber database
A threat actor claims to have leaked a database linked to Stansberry Research, a U.S.-based financial publishing and investment research company. The actor alleges the exposed dataset contains approximately 1,179,000 lines of customer and subscriber records, including contact information, account-related fields, and platform metadata.
โธ Actor: STOMP2
โธ Sector: Financial Publishing / Investment Research
โธ Type: Database Leak
โธ Records: 1,179,000 lines
โธ Country: United States
โธ Date: 16/05/2026
Compromised data:
โช๏ธ Customer and subscriber records allegedly linked to Stansberry Research
โช๏ธ Email address fields and contact information
โช๏ธ Names and profile-related identifiers
โช๏ธ Phone number fields where available
โช๏ธ Address records including city, state, country, and postal code fields
โช๏ธ Account and platform metadata including user IDs, creation dates, and related service identifiers
โช๏ธ Deposit or subscription-related metadata referenced in sample records
Stop guessing what's redacted. Subscribers see everything โ darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have leaked a database linked to Stansberry Research, a U.S.-based financial publishing and investment research company. The actor alleges the exposed dataset contains approximately 1,179,000 lines of customer and subscriber records, including contact information, account-related fields, and platform metadata.
โธ Actor: STOMP2
โธ Sector: Financial Publishing / Investment Research
โธ Type: Database Leak
โธ Records: 1,179,000 lines
โธ Country: United States
โธ Date: 16/05/2026
Compromised data:
โช๏ธ Customer and subscriber records allegedly linked to Stansberry Research
โช๏ธ Email address fields and contact information
โช๏ธ Names and profile-related identifiers
โช๏ธ Phone number fields where available
โช๏ธ Address records including city, state, country, and postal code fields
โช๏ธ Account and platform metadata including user IDs, creation dates, and related service identifiers
โช๏ธ Deposit or subscription-related metadata referenced in sample records
Stop guessing what's redacted. Subscribers see everything โ darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
๐จ๐ต๐ฐ University of Agriculture Pakistan staff database allegedly leaked
A threat actor claims to have leaked a staff database tied to the University of Agriculture Pakistan, with a second part allegedly planned to include student information in the same format.
โโโโโโโโโโโโโโโโโโโโ
Target: University of Agriculture Pakistan
Sector: Education / Higher Education
Incident: Database Leak
Exposure: Staff database records
Actor: FlipperOne
Country: Pakistan
Date: 16/05/2026
โโโโโโโโโโโโโโโโโโโโ
Whatโs allegedly included:
โช๏ธ Staff identity and profile fields
โช๏ธ Names, gender, and address-related data
โช๏ธ Phone, mobile, and fax number fields
โช๏ธ Primary and secondary email addresses
โช๏ธ Qualification, specialization, and designation details
โช๏ธ Administrative and research role information
โช๏ธ Job status, department, and faculty identifiers
โช๏ธ Social/profile links, profile photos, resumes, and related staff records
Potential impact:
The exposed data could be used for phishing, impersonation, credential-targeting, and social engineering against university staff and departments.
Stop guessing what's redacted. Subscribers see everything โ darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have leaked a staff database tied to the University of Agriculture Pakistan, with a second part allegedly planned to include student information in the same format.
โโโโโโโโโโโโโโโโโโโโ
Target: University of Agriculture Pakistan
Sector: Education / Higher Education
Incident: Database Leak
Exposure: Staff database records
Actor: FlipperOne
Country: Pakistan
Date: 16/05/2026
โโโโโโโโโโโโโโโโโโโโ
Whatโs allegedly included:
โช๏ธ Staff identity and profile fields
โช๏ธ Names, gender, and address-related data
โช๏ธ Phone, mobile, and fax number fields
โช๏ธ Primary and secondary email addresses
โช๏ธ Qualification, specialization, and designation details
โช๏ธ Administrative and research role information
โช๏ธ Job status, department, and faculty identifiers
โช๏ธ Social/profile links, profile photos, resumes, and related staff records
Potential impact:
The exposed data could be used for phishing, impersonation, credential-targeting, and social engineering against university staff and departments.
Stop guessing what's redacted. Subscribers see everything โ darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
๐จ๐บ๐ธ IRS tax payment scam page advertised on underground forum
A threat actor is advertising an IRS-themed tax payment scam page, claiming it can collect personal and payment information from victims through a fraudulent form.
โโโโโโโโโโโโโโโโโโโโ
Target Theme: IRS Tax Payment
Sector: Government Impersonation / Financial Fraud
Incident: Scam Kit Advertisement
Exposure: Personal and payment data collection
Actor: tgov02
Country: United States
Date: 16/05/2026
โโโโโโโโโโโโโโโโโโโโ
Whatโs allegedly collected:
โช๏ธ Full names and residential address details
โช๏ธ City, state, and ZIP code fields
โช๏ธ Phone numbers and email addresses
โช๏ธ Date of birth fields
โช๏ธ Social Security number fields
โช๏ธ Cardholder and payment card details
โช๏ธ Expiration date and security code fields
Potential impact:
The scam page could be used for identity theft, payment card fraud, tax-related impersonation, and financial phishing against U.S. victims.
Status:
Underground forum advertisement. The actor posted a sample attachment showing an IRS-themed payment assistant page and requested direct contact from interested buyers.
Stop guessing what's redacted. Subscribers see everything โ darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor is advertising an IRS-themed tax payment scam page, claiming it can collect personal and payment information from victims through a fraudulent form.
โโโโโโโโโโโโโโโโโโโโ
Target Theme: IRS Tax Payment
Sector: Government Impersonation / Financial Fraud
Incident: Scam Kit Advertisement
Exposure: Personal and payment data collection
Actor: tgov02
Country: United States
Date: 16/05/2026
โโโโโโโโโโโโโโโโโโโโ
Whatโs allegedly collected:
โช๏ธ Full names and residential address details
โช๏ธ City, state, and ZIP code fields
โช๏ธ Phone numbers and email addresses
โช๏ธ Date of birth fields
โช๏ธ Social Security number fields
โช๏ธ Cardholder and payment card details
โช๏ธ Expiration date and security code fields
Potential impact:
The scam page could be used for identity theft, payment card fraud, tax-related impersonation, and financial phishing against U.S. victims.
Status:
Underground forum advertisement. The actor posted a sample attachment showing an IRS-themed payment assistant page and requested direct contact from interested buyers.
Stop guessing what's redacted. Subscribers see everything โ darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
๐จ๐ซ๐ท Belambra allegedly breached: 402K reservation and customer records exposed from French holiday club database
A threat actor claims to have leaked a database tied to Belambra, a French holiday clubs and hotels network specializing in vacation stays for families, couples, and groups.
โโโโโโโโโโโโโโโโโโโโ
Target: Belambra
Sector: Hospitality / Travel / Holiday Clubs
Incident: Database Leak
Exposure: 402K records
Actor: ChimeraZ
Country: France
Date: 16/05/2026
โโโโโโโโโโโโโโโโโโโโ
Whatโs allegedly included:
โช๏ธ Reservation records linked to Belambra holiday bookings
โช๏ธ Guest names and contact email fields
โช๏ธ Booking references and reservation IDs
โช๏ธ Site and destination information
โช๏ธ Arrival and departure dates
โช๏ธ Adult and children count fields
โช๏ธ User account and client profile metadata
โช๏ธ Restaurant booking and special-count fields
Potential impact:
The exposed data could be used for targeted phishing, booking impersonation, travel fraud, customer scams, and social engineering against Belambra guests and account holders.
Status:
Unverified underground forum claim. The actor posted structured JSON samples and claims the archive includes reservation, client, and children-related datasets.
Stop guessing what's redacted. Subscribers see everything โ darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have leaked a database tied to Belambra, a French holiday clubs and hotels network specializing in vacation stays for families, couples, and groups.
โโโโโโโโโโโโโโโโโโโโ
Target: Belambra
Sector: Hospitality / Travel / Holiday Clubs
Incident: Database Leak
Exposure: 402K records
Actor: ChimeraZ
Country: France
Date: 16/05/2026
โโโโโโโโโโโโโโโโโโโโ
Whatโs allegedly included:
โช๏ธ Reservation records linked to Belambra holiday bookings
โช๏ธ Guest names and contact email fields
โช๏ธ Booking references and reservation IDs
โช๏ธ Site and destination information
โช๏ธ Arrival and departure dates
โช๏ธ Adult and children count fields
โช๏ธ User account and client profile metadata
โช๏ธ Restaurant booking and special-count fields
Potential impact:
The exposed data could be used for targeted phishing, booking impersonation, travel fraud, customer scams, and social engineering against Belambra guests and account holders.
Status:
Unverified underground forum claim. The actor posted structured JSON samples and claims the archive includes reservation, client, and children-related datasets.
Stop guessing what's redacted. Subscribers see everything โ darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
I will be adding a "Chatter" category just above where the pagination bar is with the other categories in a couple of hours on the threat feed. Be sure to update your notifications after it starts providing posts if you don't want to see/hear the noise.
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
Telegram
๐ช Slice For Life - Part 2 ๐ช
Backup: t.me/SliceForLifeeee
Website: darkwebinformer.com
Website Pricing (Includes Crypto): darkwebinformer.com/pricing
Socials: darkwebinformer.com/socials
API Access: https://darkwebinformer.com/api-details
Donate: darkwebinformer.com/donations
Website: darkwebinformer.com
Website Pricing (Includes Crypto): darkwebinformer.com/pricing
Socials: darkwebinformer.com/socials
API Access: https://darkwebinformer.com/api-details
Donate: darkwebinformer.com/donations
๐จ๐ฎ๐ฉ LSP Telematika allegedly breached: 14GB+ certification database exposed from Indonesian IT professional records
A threat actor claims to be selling a database tied to LSP Telematika, an Indonesian professional certification body for information technology. The actor alleges the exposed dataset contains tens of thousands of records involving assessors and assessees, along with private conversations, decree documents, and company files.
โโโโโโโโโโโโโโโโโโโโ
Target: LSP Telematika
Sector: Professional Certification / Information Technology
Incident: Database Leak
Exposure: 14GB+
Actor: Kyyzo
Country: Indonesia
Date: 16/05/2026
โโโโโโโโโโโโโโโโโโโโ
Whatโs allegedly included:
โช๏ธ Assessee records from certification database tables
โช๏ธ Assessor personal data and profile information
โช๏ธ Registration numbers and certification-related identifiers
โช๏ธ Names, birthplaces, birth dates, ages, and email fields
โช๏ธ Phone numbers, identity number fields, and address-related data
โช๏ธ Private conversations and decree-related documents
โช๏ธ Personal company document files linked to certification activity
Potential impact:
The exposed data could be used for identity theft, phishing, credential targeting, impersonation, and social engineering against Indonesian IT certification participants and assessors.
Status:
Unverified underground forum claim. The actor posted database samples and described the release as part of an extortion-driven follow-up leak.
Stop guessing what's redacted. Subscribers see everything โ darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to be selling a database tied to LSP Telematika, an Indonesian professional certification body for information technology. The actor alleges the exposed dataset contains tens of thousands of records involving assessors and assessees, along with private conversations, decree documents, and company files.
โโโโโโโโโโโโโโโโโโโโ
Target: LSP Telematika
Sector: Professional Certification / Information Technology
Incident: Database Leak
Exposure: 14GB+
Actor: Kyyzo
Country: Indonesia
Date: 16/05/2026
โโโโโโโโโโโโโโโโโโโโ
Whatโs allegedly included:
โช๏ธ Assessee records from certification database tables
โช๏ธ Assessor personal data and profile information
โช๏ธ Registration numbers and certification-related identifiers
โช๏ธ Names, birthplaces, birth dates, ages, and email fields
โช๏ธ Phone numbers, identity number fields, and address-related data
โช๏ธ Private conversations and decree-related documents
โช๏ธ Personal company document files linked to certification activity
Potential impact:
The exposed data could be used for identity theft, phishing, credential targeting, impersonation, and social engineering against Indonesian IT certification participants and assessors.
Status:
Unverified underground forum claim. The actor posted database samples and described the release as part of an extortion-driven follow-up leak.
Stop guessing what's redacted. Subscribers see everything โ darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
๐จGoblin Refund Service advertised: Amazon and Apple refund fraud service promoted on underground forum
A threat actor is advertising โGoblin Refund Service,โ a refund fraud operation claiming to support Amazon and Apple refund requests through a Telegram-based service.
โโโโโโโโโโโโโโโโโโโโ
Service: Goblin Refund Service
Sector: Retail Fraud / Refund Abuse
Incident: Fraud Service Advertisement
Exposure: Refund scam operation
Actor: Gr33nGoblin
Country: Unknown / Global
Date: 16/05/2026
โโโโโโโโโโโโโโโโโโโโ
Whatโs being advertised:
โช๏ธ Amazon and Apple refund fraud services
โช๏ธ Claimed support for customers across Europe and America
โช๏ธ Telegram-based ordering and communication
โช๏ธ Flexible terms and support channels
โช๏ธ A step-by-step service flow involving order placement, refund processing, and fee payment
โช๏ธ Cryptocurrency payment options shown in the promotional material
Potential impact:
Refund fraud services can cause financial losses for retailers, abuse customer service workflows, and enable organized e-commerce fraud across major platforms.
Status:
Underground forum advertisement. The actor posted branded promotional graphics and directs interested users to an external messaging channel.
Stop guessing what's redacted. Subscribers see everything โ darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor is advertising โGoblin Refund Service,โ a refund fraud operation claiming to support Amazon and Apple refund requests through a Telegram-based service.
โโโโโโโโโโโโโโโโโโโโ
Service: Goblin Refund Service
Sector: Retail Fraud / Refund Abuse
Incident: Fraud Service Advertisement
Exposure: Refund scam operation
Actor: Gr33nGoblin
Country: Unknown / Global
Date: 16/05/2026
โโโโโโโโโโโโโโโโโโโโ
Whatโs being advertised:
โช๏ธ Amazon and Apple refund fraud services
โช๏ธ Claimed support for customers across Europe and America
โช๏ธ Telegram-based ordering and communication
โช๏ธ Flexible terms and support channels
โช๏ธ A step-by-step service flow involving order placement, refund processing, and fee payment
โช๏ธ Cryptocurrency payment options shown in the promotional material
Potential impact:
Refund fraud services can cause financial losses for retailers, abuse customer service workflows, and enable organized e-commerce fraud across major platforms.
Status:
Underground forum advertisement. The actor posted branded promotional graphics and directs interested users to an external messaging channel.
Stop guessing what's redacted. Subscribers see everything โ darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
๐จ๐ซ๐ท Norauto allegedly breached: 522MB customer database exposed from French automotive service records
A threat actor claims to have leaked a database tied to Norauto, a European automotive service and equipment company specializing in car maintenance, repairs, tire fitting, auto parts, and accessories.
โโโโโโโโโโโโโโโโโโโโ
Target: Norauto
Sector: Automotive Services / Retail / Customer Data
Incident: Database Leak
Exposure: 522MB
Actor: shitanus
Country: France
Date: 16/05/2026
โโโโโโโโโโโโโโโโโโโโ
Whatโs allegedly included:
โช๏ธ Customer database records allegedly linked to Norauto
โช๏ธ Customer names and profile identifiers
โช๏ธ Email addresses and phone number fields
โช๏ธ Address records including city, country, and postal code fields
โช๏ธ Customer ID and account-related metadata
โช๏ธ Antifraud scoring and validation status fields
โช๏ธ Custom customer fields referencing loyalty and identity-related labels
โช๏ธ Rental or store-related account activity metadata
Potential impact:
The exposed data could be used for phishing, customer impersonation, loyalty fraud, targeted scams, and social engineering against Norauto customers.
Status:
Unverified underground forum claim. The actor posted structured JSON samples and claims the download is locked behind paid forum access.
Stop guessing what's redacted. Subscribers see everything โ darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have leaked a database tied to Norauto, a European automotive service and equipment company specializing in car maintenance, repairs, tire fitting, auto parts, and accessories.
โโโโโโโโโโโโโโโโโโโโ
Target: Norauto
Sector: Automotive Services / Retail / Customer Data
Incident: Database Leak
Exposure: 522MB
Actor: shitanus
Country: France
Date: 16/05/2026
โโโโโโโโโโโโโโโโโโโโ
Whatโs allegedly included:
โช๏ธ Customer database records allegedly linked to Norauto
โช๏ธ Customer names and profile identifiers
โช๏ธ Email addresses and phone number fields
โช๏ธ Address records including city, country, and postal code fields
โช๏ธ Customer ID and account-related metadata
โช๏ธ Antifraud scoring and validation status fields
โช๏ธ Custom customer fields referencing loyalty and identity-related labels
โช๏ธ Rental or store-related account activity metadata
Potential impact:
The exposed data could be used for phishing, customer impersonation, loyalty fraud, targeted scams, and social engineering against Norauto customers.
Status:
Unverified underground forum claim. The actor posted structured JSON samples and claims the download is locked behind paid forum access.
Stop guessing what's redacted. Subscribers see everything โ darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations