‼️ New Dark Web Informer Blog Post!

Title: Daily Dose of Dark Web Informer - May 18th, 2026

Link: https://darkwebinformer.com/daily-dose-of-dark-web-informer-may-18th-2026/

🚨🇳🇬 General Directorate of Public Accounting and Treasury of Nigeria allegedly breached: 70GB of government financial and employee data leaked

A threat actor claims to have leaked data tied to the General Directorate of Public Accounting and Treasury of Nigeria (DGCPT) following an alleged ransomware-related cyberattack.

━━━━━━━━━━━━━━━━━━━━
Target: General Directorate of Public Accounting and Treasury of Nigeria
Sector: Government / Public Finance / Treasury
Incident: Data Breach / Ransomware Leak
Exposure: 70GB+
Actor: 0xSec
Country: Nigeria
Date: 18/05/2026
━━━━━━━━━━━━━━━━━━━━

What’s allegedly included:

▪️ Government employee records allegedly linked to DGCPT systems
▪️ Employee ID, first name, and last name fields
▪️ Phone number and contact-related data
▪️ Bank, branch, and account-related fields
▪️ Additional financial identifiers referenced in SQL files
▪️ Multiple SQL database files containing employee and treasury-related records

Potential impact:

The exposed data could be used for identity theft, payroll fraud, banking fraud, phishing, impersonation, and targeted social engineering against government employees and financial administration contacts.

Status:

Unverified underground forum claim. The actor states the archive contains more than 70GB of exfiltrated data and references multiple SQL files.

Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations

🚨🇧🇷 Econet Editora allegedly breached: 163GB full database advertised for sale from Brazilian education publishing platform

A threat actor claims to be selling a full database tied to Econet Editora, a Brazilian publishing platform focused on educational content, books, digital resources, and learning materials for students and educators.

━━━━━━━━━━━━━━━━━━━━
Target: Econet Editora
Sector: Education / Publishing / Digital Learning
Incident: Database Leak / Data Sale
Exposure: 163GB
Actor: [Citizen] joaoestrella
Country: Brazil
Date: 18/05/2026
━━━━━━━━━━━━━━━━━━━━

What’s allegedly included:

▪️ Full database allegedly linked to Econet Editora
▪️ Email address fields
▪️ Plaintext password claims
▪️ User/account-related database records
▪️ Platform and publishing service data
▪️ Database and table listings shared as proof
▪️ Additional unspecified internal records referenced by the actor

Potential impact:

The exposed data could be used for credential stuffing, account takeover, phishing, identity theft, and targeted scams against students, educators, and platform users.

Status:

Unverified underground forum sale listing. The actor claims the database totals 163GB and includes emails, plaintext passwords, and additional database content.

Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations

⚠️ FBI Watchdog - WHOIS Change ⚠️
🔗 DarkWebInformer.com - Cyber Threat Intelligence

Domain: breached.st
Record Type: WHOIS Change
Time Detected: 2026-05-19 01:23:42 UTC

Previous Records:

status: ['ok']

New Records:

status: ['ok'] → ['clienttransferprohibited']

Hackers laying it on thick...
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations

Lul

🚨 https://x.com/i/status/2056571156858073538

🚨🇲🇽 Escuela Normal Experimental allegedly breached: 3,414 student/application records exposed from Mexican school database

A threat actor claims to have leaked a database tied to Escuela Normal Experimental in Mexico, allegedly exposing student and application-related records from an education system.

━━━━━━━━━━━━━━━━━━━━
Target: Escuela Normal Experimental
Sector: Education / School Administration
Incident: Database Leak
Exposure: 3,414 records
Actor: Z3r00 and MagoSpeak
Country: Mexico
Date: 19/05/2026
━━━━━━━━━━━━━━━━━━━━

What’s allegedly included:

▪️ Student and application records allegedly linked to the school
▪️ Application folio and request status fields
▪️ CURP identity-related fields
▪️ Names, paternal surnames, and maternal surnames
▪️ Age, birth date, gender, nationality, and birth entity fields
▪️ Email, fixed phone, and mobile phone fields
▪️ Address and municipality-related records
▪️ School file and subsystem-related administrative fields

Potential impact:

The exposed data could be used for identity theft, phishing, student impersonation, education fraud, and targeted social engineering against applicants, students, and school staff.

Status:

Unverified underground forum claim. The actor posted a field list and claims the database is available through an external file-hosting link.
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations

🚨🇲🇽 Instituto Tecnológico del Istmo allegedly breached: 3,640 student/application records exposed from Oaxaca education database

A threat actor claims to have leaked a database tied to Instituto Tecnológico del Istmo in Oaxaca, Mexico, allegedly exposing student and application-related records from an education system.

━━━━━━━━━━━━━━━━━━━━
Target: Instituto Tecnológico del Istmo
Sector: Education / Higher Education / School Administration
Incident: Database Leak
Exposure: 3,640 records
Actor: Z3r00 and MagoSpeak
Country: Mexico
Date: 19/05/2026
━━━━━━━━━━━━━━━━━━━━

What’s allegedly included:

▪️ Student and application records allegedly linked to the institute
▪️ Application folio and request status fields
▪️ CURP identity-related fields
▪️ Names, paternal surnames, and maternal surnames
▪️ Age, birth date, gender, nationality, and birth entity fields
▪️ Email, fixed phone, and mobile phone fields
▪️ Address, state, and municipality-related records
▪️ Administrative school system fields tied to application workflows

Potential impact:

The exposed data could be used for identity theft, phishing, student impersonation, education fraud, and targeted social engineering against applicants, students, and school staff.

Status:

Unverified underground forum claim. The actor posted a field list and claims the database is available through an external file-hosting link.

Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations

‼️ New Dark Web Informer Blog Post!

Title: Nirvasa allegedly breached: 3.5K healthcare platform user records advertised for sale

Link: https://darkwebinformer.com/nirvasa-allegedly-breached-3-5k-healthcare-platform-user-records-advertised-for-sale/

‼️ New Dark Web Informer Blog Post!

Title: Watiqa.ma allegedly breached: 695K Moroccan civil document platform records exposed

Link: https://darkwebinformer.com/watiqa-ma-allegedly-breached-695k-moroccan-civil-document-platform-records-exposed/

🚨🇫🇷 Lagrange Vacances allegedly breached: 44K holiday rental reservation records exposed from French travel booking database

A threat actor claims to have leaked a database tied to Lagrange Vacances, a French holiday rental and vacation accommodation provider offering apartments, holiday homes, and leisure stays across France and Europe.

━━━━━━━━━━━━━━━━━━━━
Target: Lagrange Vacances
Sector: Hospitality / Travel / Holiday Rentals
Incident: Database Leak
Exposure: 44K records / 35MB
Actor: ChimeraZ
Country: France
Date: 19/05/2026
━━━━━━━━━━━━━━━━━━━━

What’s allegedly included:

▪️ Reservation records allegedly linked to Lagrange Vacances bookings
▪️ Customer and participant identity fields
▪️ Booking references and reservation IDs
▪️ Vendor, lodging, and product-related records
▪️ Guest count fields including adults and children
▪️ Stay dates, arrival/departure times, and accommodation details
▪️ Pricing, commission, fees, and payment-related booking metadata
▪️ Customer comments and special booking notes

Potential impact:

The exposed data could be used for booking impersonation, targeted phishing, travel fraud, customer scams, and social engineering against travelers, guests, and booking partners.

Status:

Unverified underground forum claim. The actor posted structured JSON reservation samples and claims the download links are hidden behind forum access.

Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations

🚨🇨🇮 Unknown Ivory Coast ID dataset advertised: 10.6K ID document files offered for sale

A threat actor claims to be selling an unidentified dataset containing Ivory Coast identity document images, including front-side ID images, back-side ID images, and selfie verification photos.

━━━━━━━━━━━━━━━━━━━━
Target: Unknown Ivory Coast ID dataset
Sector: Identity Documents / KYC Data
Incident: Data Sale
Exposure: 32,009 files / 2.10GB
Actor: azrekx
Country: Côte d’Ivoire
Price: $5,000 full dataset / $1 per record
Date: 18/05/2026
━━━━━━━━━━━━━━━━━━━━

What’s allegedly included:

▪️ Ivory Coast ID document images
▪️ Front and back ID card files
▪️ Selfie verification images
▪️ KYC-style identity verification records
▪️ Personal identity document data
▪️ Image archive samples allegedly shared through external channels

Potential impact:

The exposed documents could be used for identity theft, account fraud, KYC bypass, impersonation, and financial scams involving affected individuals.

Status:

Unverified underground forum sale listing. The actor claims the dataset was found on a server, continues to grow, and may not be tied to a known source organization.

Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations

🚨🇧🇷 Speedio allegedly breached: 62M Brazilian B2B marketing records exposed

A threat actor claims to have leaked a large B2B marketing database tied to Speedio, a Brazilian business intelligence and sales prospecting platform.

━━━━━━━━━━━━━━━━━━━━
Target: Speedio
Sector: B2B Marketing / Sales Intelligence / Business Data
Incident: Database Leak
Exposure: 62M lines / 27,652,184 unique emails
Actor: Claude
Country: Brazil
Date: 19/05/2026
━━━━━━━━━━━━━━━━━━━━

What’s allegedly included:

▪️ Brazilian company and business profile records
▪️ Legal names and trading names
▪️ Company identifiers and MongoDB-related record IDs
▪️ Business status, legal nature, and founding date fields
▪️ Primary and secondary economic activity classifications
▪️ Company size, capital amount, and tax regime metadata
▪️ Email addresses, phone numbers, and WhatsApp contact fields
▪️ Address and WhatsApp validation-related data

Potential impact:

The exposed data could be used for B2B phishing, business impersonation, spam campaigns, targeted scams, lead fraud, and social engineering against Brazilian companies and contacts.

Status:

Unverified underground forum claim. The actor posted structured JSON samples and claims the dataset contains 62M total lines, including more than 27.6M unique email addresses.

Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations

‼️ DOJ Press Release
━━━━━━━━━━━━━━━━━━━━━

Justice Department Notifies Washington of Investigation into Whether Housing Biological Men in Women’s Prison Violates Constitution

Full Press Release → justice.gov

━━━━━━━━━━━━━━━━━━━━━
🕵️ Dark Web Informer • DOJ Monitor

Note: DOJ articles that are not Cyber related will be removed manually.