🚨🇲🇽 Escuela Normal Experimental allegedly breached: 3,414 student/application records exposed from Mexican school database
A threat actor claims to have leaked a database tied to Escuela Normal Experimental in Mexico, allegedly exposing student and application-related records from an education system.
━━━━━━━━━━━━━━━━━━━━
Target: Escuela Normal Experimental
Sector: Education / School Administration
Incident: Database Leak
Exposure: 3,414 records
Actor: Z3r00 and MagoSpeak
Country: Mexico
Date: 19/05/2026
━━━━━━━━━━━━━━━━━━━━
What’s allegedly included:
▪️ Student and application records allegedly linked to the school
▪️ Application folio and request status fields
▪️ CURP identity-related fields
▪️ Names, paternal surnames, and maternal surnames
▪️ Age, birth date, gender, nationality, and birth entity fields
▪️ Email, fixed phone, and mobile phone fields
▪️ Address and municipality-related records
▪️ School file and subsystem-related administrative fields
Potential impact:
The exposed data could be used for identity theft, phishing, student impersonation, education fraud, and targeted social engineering against applicants, students, and school staff.
Status:
Unverified underground forum claim. The actor posted a field list and claims the database is available through an external file-hosting link.
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have leaked a database tied to Escuela Normal Experimental in Mexico, allegedly exposing student and application-related records from an education system.
━━━━━━━━━━━━━━━━━━━━
Target: Escuela Normal Experimental
Sector: Education / School Administration
Incident: Database Leak
Exposure: 3,414 records
Actor: Z3r00 and MagoSpeak
Country: Mexico
Date: 19/05/2026
━━━━━━━━━━━━━━━━━━━━
What’s allegedly included:
▪️ Student and application records allegedly linked to the school
▪️ Application folio and request status fields
▪️ CURP identity-related fields
▪️ Names, paternal surnames, and maternal surnames
▪️ Age, birth date, gender, nationality, and birth entity fields
▪️ Email, fixed phone, and mobile phone fields
▪️ Address and municipality-related records
▪️ School file and subsystem-related administrative fields
Potential impact:
The exposed data could be used for identity theft, phishing, student impersonation, education fraud, and targeted social engineering against applicants, students, and school staff.
Status:
Unverified underground forum claim. The actor posted a field list and claims the database is available through an external file-hosting link.
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
🚨🇲🇽 Instituto Tecnológico del Istmo allegedly breached: 3,640 student/application records exposed from Oaxaca education database
A threat actor claims to have leaked a database tied to Instituto Tecnológico del Istmo in Oaxaca, Mexico, allegedly exposing student and application-related records from an education system.
━━━━━━━━━━━━━━━━━━━━
Target: Instituto Tecnológico del Istmo
Sector: Education / Higher Education / School Administration
Incident: Database Leak
Exposure: 3,640 records
Actor: Z3r00 and MagoSpeak
Country: Mexico
Date: 19/05/2026
━━━━━━━━━━━━━━━━━━━━
What’s allegedly included:
▪️ Student and application records allegedly linked to the institute
▪️ Application folio and request status fields
▪️ CURP identity-related fields
▪️ Names, paternal surnames, and maternal surnames
▪️ Age, birth date, gender, nationality, and birth entity fields
▪️ Email, fixed phone, and mobile phone fields
▪️ Address, state, and municipality-related records
▪️ Administrative school system fields tied to application workflows
Potential impact:
The exposed data could be used for identity theft, phishing, student impersonation, education fraud, and targeted social engineering against applicants, students, and school staff.
Status:
Unverified underground forum claim. The actor posted a field list and claims the database is available through an external file-hosting link.
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have leaked a database tied to Instituto Tecnológico del Istmo in Oaxaca, Mexico, allegedly exposing student and application-related records from an education system.
━━━━━━━━━━━━━━━━━━━━
Target: Instituto Tecnológico del Istmo
Sector: Education / Higher Education / School Administration
Incident: Database Leak
Exposure: 3,640 records
Actor: Z3r00 and MagoSpeak
Country: Mexico
Date: 19/05/2026
━━━━━━━━━━━━━━━━━━━━
What’s allegedly included:
▪️ Student and application records allegedly linked to the institute
▪️ Application folio and request status fields
▪️ CURP identity-related fields
▪️ Names, paternal surnames, and maternal surnames
▪️ Age, birth date, gender, nationality, and birth entity fields
▪️ Email, fixed phone, and mobile phone fields
▪️ Address, state, and municipality-related records
▪️ Administrative school system fields tied to application workflows
Potential impact:
The exposed data could be used for identity theft, phishing, student impersonation, education fraud, and targeted social engineering against applicants, students, and school staff.
Status:
Unverified underground forum claim. The actor posted a field list and claims the database is available through an external file-hosting link.
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
🚨Death Stealer 2026 advertised: information-stealing malware post shared on underground forum
A forum user is advertising “Death Stealer 2026,” described as an information-stealing malware concept associated with credential theft, browser data collection, and unauthorized extraction of sensitive user data.
━━━━━━━━━━━━━━━━━━━━
Service: Death Stealer 2026
Sector: Malware / Info-Stealer / Cybercrime Tools
Incident: Malware Advertisement
Exposure: Credential theft and browser data collection tool
Actor: Jake Elliott
Country: Unknown / Global
Date: 19/05/2026
━━━━━━━━━━━━━━━━━━━━
What’s being advertised:
▪️ Information-stealing malware branded as “Death Stealer 2026”
▪️ Credential and browser data targeting claims
▪️ Sensitive application and system data collection references
▪️ External server communication for stolen data transfer
▪️ Malware behavior framed around stealth and detection avoidance
▪️ VirusTotal scan result section referenced in the post
▪️ Download link section included by the actor
Potential impact:
The advertised tool could be used for credential theft, account takeover, financial fraud, identity theft, and broader compromise of personal or enterprise systems.
Status:
Underground forum advertisement. The post presents a short malware summary, key capabilities, scan-result references, and a download section.
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A forum user is advertising “Death Stealer 2026,” described as an information-stealing malware concept associated with credential theft, browser data collection, and unauthorized extraction of sensitive user data.
━━━━━━━━━━━━━━━━━━━━
Service: Death Stealer 2026
Sector: Malware / Info-Stealer / Cybercrime Tools
Incident: Malware Advertisement
Exposure: Credential theft and browser data collection tool
Actor: Jake Elliott
Country: Unknown / Global
Date: 19/05/2026
━━━━━━━━━━━━━━━━━━━━
What’s being advertised:
▪️ Information-stealing malware branded as “Death Stealer 2026”
▪️ Credential and browser data targeting claims
▪️ Sensitive application and system data collection references
▪️ External server communication for stolen data transfer
▪️ Malware behavior framed around stealth and detection avoidance
▪️ VirusTotal scan result section referenced in the post
▪️ Download link section included by the actor
Potential impact:
The advertised tool could be used for credential theft, account takeover, financial fraud, identity theft, and broader compromise of personal or enterprise systems.
Status:
Underground forum advertisement. The post presents a short malware summary, key capabilities, scan-result references, and a download section.
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️ New Dark Web Informer Blog Post!
Title: Nirvasa allegedly breached: 3.5K healthcare platform user records advertised for sale
Link: https://darkwebinformer.com/nirvasa-allegedly-breached-3-5k-healthcare-platform-user-records-advertised-for-sale/
Title: Nirvasa allegedly breached: 3.5K healthcare platform user records advertised for sale
Link: https://darkwebinformer.com/nirvasa-allegedly-breached-3-5k-healthcare-platform-user-records-advertised-for-sale/
Dark Web Informer
Nirvasa allegedly breached: 3.5K healthcare platform user records advertised for sale
A threat actor claims to be selling data tied to Nirvasa, an Indian digital healthcare platform focused on primary care, personalized treatment, and patient services.
‼️ New Dark Web Informer Blog Post!
Title: Watiqa.ma allegedly breached: 695K Moroccan civil document platform records exposed
Link: https://darkwebinformer.com/watiqa-ma-allegedly-breached-695k-moroccan-civil-document-platform-records-exposed/
Title: Watiqa.ma allegedly breached: 695K Moroccan civil document platform records exposed
Link: https://darkwebinformer.com/watiqa-ma-allegedly-breached-695k-moroccan-civil-document-platform-records-exposed/
Dark Web Informer
Watiqa.ma allegedly breached: 695K Moroccan civil document platform records exposed
A threat actor claims to have leaked a full database dump tied to Watiqa.ma, Morocco’s government electronic platform for requesting civil status documents.
🚨🇫🇷 Lagrange Vacances allegedly breached: 44K holiday rental reservation records exposed from French travel booking database
A threat actor claims to have leaked a database tied to Lagrange Vacances, a French holiday rental and vacation accommodation provider offering apartments, holiday homes, and leisure stays across France and Europe.
━━━━━━━━━━━━━━━━━━━━
Target: Lagrange Vacances
Sector: Hospitality / Travel / Holiday Rentals
Incident: Database Leak
Exposure: 44K records / 35MB
Actor: ChimeraZ
Country: France
Date: 19/05/2026
━━━━━━━━━━━━━━━━━━━━
What’s allegedly included:
▪️ Reservation records allegedly linked to Lagrange Vacances bookings
▪️ Customer and participant identity fields
▪️ Booking references and reservation IDs
▪️ Vendor, lodging, and product-related records
▪️ Guest count fields including adults and children
▪️ Stay dates, arrival/departure times, and accommodation details
▪️ Pricing, commission, fees, and payment-related booking metadata
▪️ Customer comments and special booking notes
Potential impact:
The exposed data could be used for booking impersonation, targeted phishing, travel fraud, customer scams, and social engineering against travelers, guests, and booking partners.
Status:
Unverified underground forum claim. The actor posted structured JSON reservation samples and claims the download links are hidden behind forum access.
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have leaked a database tied to Lagrange Vacances, a French holiday rental and vacation accommodation provider offering apartments, holiday homes, and leisure stays across France and Europe.
━━━━━━━━━━━━━━━━━━━━
Target: Lagrange Vacances
Sector: Hospitality / Travel / Holiday Rentals
Incident: Database Leak
Exposure: 44K records / 35MB
Actor: ChimeraZ
Country: France
Date: 19/05/2026
━━━━━━━━━━━━━━━━━━━━
What’s allegedly included:
▪️ Reservation records allegedly linked to Lagrange Vacances bookings
▪️ Customer and participant identity fields
▪️ Booking references and reservation IDs
▪️ Vendor, lodging, and product-related records
▪️ Guest count fields including adults and children
▪️ Stay dates, arrival/departure times, and accommodation details
▪️ Pricing, commission, fees, and payment-related booking metadata
▪️ Customer comments and special booking notes
Potential impact:
The exposed data could be used for booking impersonation, targeted phishing, travel fraud, customer scams, and social engineering against travelers, guests, and booking partners.
Status:
Unverified underground forum claim. The actor posted structured JSON reservation samples and claims the download links are hidden behind forum access.
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
❤1
🚨🇨🇮 Unknown Ivory Coast ID dataset advertised: 10.6K ID document files offered for sale
A threat actor claims to be selling an unidentified dataset containing Ivory Coast identity document images, including front-side ID images, back-side ID images, and selfie verification photos.
━━━━━━━━━━━━━━━━━━━━
Target: Unknown Ivory Coast ID dataset
Sector: Identity Documents / KYC Data
Incident: Data Sale
Exposure: 32,009 files / 2.10GB
Actor: azrekx
Country: Côte d’Ivoire
Price: $5,000 full dataset / $1 per record
Date: 18/05/2026
━━━━━━━━━━━━━━━━━━━━
What’s allegedly included:
▪️ Ivory Coast ID document images
▪️ Front and back ID card files
▪️ Selfie verification images
▪️ KYC-style identity verification records
▪️ Personal identity document data
▪️ Image archive samples allegedly shared through external channels
Potential impact:
The exposed documents could be used for identity theft, account fraud, KYC bypass, impersonation, and financial scams involving affected individuals.
Status:
Unverified underground forum sale listing. The actor claims the dataset was found on a server, continues to grow, and may not be tied to a known source organization.
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to be selling an unidentified dataset containing Ivory Coast identity document images, including front-side ID images, back-side ID images, and selfie verification photos.
━━━━━━━━━━━━━━━━━━━━
Target: Unknown Ivory Coast ID dataset
Sector: Identity Documents / KYC Data
Incident: Data Sale
Exposure: 32,009 files / 2.10GB
Actor: azrekx
Country: Côte d’Ivoire
Price: $5,000 full dataset / $1 per record
Date: 18/05/2026
━━━━━━━━━━━━━━━━━━━━
What’s allegedly included:
▪️ Ivory Coast ID document images
▪️ Front and back ID card files
▪️ Selfie verification images
▪️ KYC-style identity verification records
▪️ Personal identity document data
▪️ Image archive samples allegedly shared through external channels
Potential impact:
The exposed documents could be used for identity theft, account fraud, KYC bypass, impersonation, and financial scams involving affected individuals.
Status:
Unverified underground forum sale listing. The actor claims the dataset was found on a server, continues to grow, and may not be tied to a known source organization.
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
🚨🇦🇪 Bayut allegedly breached: 986K real estate customer records and identity documents exposed
A threat actor claims to have leaked a large dataset allegedly tied to Bayut, one of the UAE’s major real estate platforms.
━━━━━━━━━━━━━━━━━━━━
Target: Bayut
Sector: Real Estate / Property Technology / Customer Data
Incident: Data Leak
Exposure: 986,506 records
Actor: attacker_company
Country: United Arab Emirates
Date: 19/05/2026
━━━━━━━━━━━━━━━━━━━━
What’s allegedly included:
▪️ Customer records allegedly linked to Bayut
▪️ Full names and login/user identifier fields
▪️ Password-related values
▪️ Phone numbers, WhatsApp contact fields, and email addresses
▪️ IP address logs and location classification fields
▪️ Physical address and ZIP/postal data
▪️ Passport, Golden Card, and ID document images
▪️ Title deed and property ownership document samples
Potential impact:
The exposed data could be used for identity theft, real estate fraud, account takeover, phishing, property-owner impersonation, and targeted scams against Bayut users and customers.
Status:
Unverified underground forum claim. The actor posted sample identity documents, property ownership document previews, and claims additional personal information data is hidden behind forum access.
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have leaked a large dataset allegedly tied to Bayut, one of the UAE’s major real estate platforms.
━━━━━━━━━━━━━━━━━━━━
Target: Bayut
Sector: Real Estate / Property Technology / Customer Data
Incident: Data Leak
Exposure: 986,506 records
Actor: attacker_company
Country: United Arab Emirates
Date: 19/05/2026
━━━━━━━━━━━━━━━━━━━━
What’s allegedly included:
▪️ Customer records allegedly linked to Bayut
▪️ Full names and login/user identifier fields
▪️ Password-related values
▪️ Phone numbers, WhatsApp contact fields, and email addresses
▪️ IP address logs and location classification fields
▪️ Physical address and ZIP/postal data
▪️ Passport, Golden Card, and ID document images
▪️ Title deed and property ownership document samples
Potential impact:
The exposed data could be used for identity theft, real estate fraud, account takeover, phishing, property-owner impersonation, and targeted scams against Bayut users and customers.
Status:
Unverified underground forum claim. The actor posted sample identity documents, property ownership document previews, and claims additional personal information data is hidden behind forum access.
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
🚨🇧🇷 Speedio allegedly breached: 62M Brazilian B2B marketing records exposed
A threat actor claims to have leaked a large B2B marketing database tied to Speedio, a Brazilian business intelligence and sales prospecting platform.
━━━━━━━━━━━━━━━━━━━━
Target: Speedio
Sector: B2B Marketing / Sales Intelligence / Business Data
Incident: Database Leak
Exposure: 62M lines / 27,652,184 unique emails
Actor: Claude
Country: Brazil
Date: 19/05/2026
━━━━━━━━━━━━━━━━━━━━
What’s allegedly included:
▪️ Brazilian company and business profile records
▪️ Legal names and trading names
▪️ Company identifiers and MongoDB-related record IDs
▪️ Business status, legal nature, and founding date fields
▪️ Primary and secondary economic activity classifications
▪️ Company size, capital amount, and tax regime metadata
▪️ Email addresses, phone numbers, and WhatsApp contact fields
▪️ Address and WhatsApp validation-related data
Potential impact:
The exposed data could be used for B2B phishing, business impersonation, spam campaigns, targeted scams, lead fraud, and social engineering against Brazilian companies and contacts.
Status:
Unverified underground forum claim. The actor posted structured JSON samples and claims the dataset contains 62M total lines, including more than 27.6M unique email addresses.
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have leaked a large B2B marketing database tied to Speedio, a Brazilian business intelligence and sales prospecting platform.
━━━━━━━━━━━━━━━━━━━━
Target: Speedio
Sector: B2B Marketing / Sales Intelligence / Business Data
Incident: Database Leak
Exposure: 62M lines / 27,652,184 unique emails
Actor: Claude
Country: Brazil
Date: 19/05/2026
━━━━━━━━━━━━━━━━━━━━
What’s allegedly included:
▪️ Brazilian company and business profile records
▪️ Legal names and trading names
▪️ Company identifiers and MongoDB-related record IDs
▪️ Business status, legal nature, and founding date fields
▪️ Primary and secondary economic activity classifications
▪️ Company size, capital amount, and tax regime metadata
▪️ Email addresses, phone numbers, and WhatsApp contact fields
▪️ Address and WhatsApp validation-related data
Potential impact:
The exposed data could be used for B2B phishing, business impersonation, spam campaigns, targeted scams, lead fraud, and social engineering against Brazilian companies and contacts.
Status:
Unverified underground forum claim. The actor posted structured JSON samples and claims the dataset contains 62M total lines, including more than 27.6M unique email addresses.
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
🔥1
‼️ DOJ Press Release
━━━━━━━━━━━━━━━━━━━━━
Justice Department Notifies Washington of Investigation into Whether Housing Biological Men in Women’s Prison Violates Constitution
Full Press Release → justice.gov
━━━━━━━━━━━━━━━━━━━━━
🕵️ Dark Web Informer • DOJ Monitor
Note: DOJ articles that are not Cyber related will be removed manually.
━━━━━━━━━━━━━━━━━━━━━
Justice Department Notifies Washington of Investigation into Whether Housing Biological Men in Women’s Prison Violates Constitution
Full Press Release → justice.gov
━━━━━━━━━━━━━━━━━━━━━
🕵️ Dark Web Informer • DOJ Monitor
Note: DOJ articles that are not Cyber related will be removed manually.
www.justice.gov
Justice Department Notifies Washington of Investigation into Whether
Today, the Justice Department notified Washington Governor Bob Ferguson of the initiation of a federal investigation into Washington’s practice of housing men in its women’s prison. The Justice Department will investigate whether Washington engages in a pattern…
😁1😈1
🚨🇧🇷 Brazil Government Health Portal credentials allegedly advertised for sale
A threat actor claims to be selling verified credentials allegedly tied to a Brazil Government Health Portal.
━━━━━━━━━━━━━━━━━━━━
Target: Brazil Government Health Portal
Sector: Government / Healthcare / Public Health
Incident: Credential Sale
Exposure: Verified credentials
Actor: Florence
Country: Brazil
Price: $200
Date: 19/05/2026
━━━━━━━━━━━━━━━━━━━━
What’s allegedly included:
▪️ Verified credential access allegedly linked to a government health portal
▪️ Government healthcare system login access
▪️ Portal access details offered through forum escrow
▪️ Unknown revenue or access scope
▪️ Buyer-only access with direct forum contact required
▪️ Healthcare-related public-sector system exposure
Potential impact:
The alleged access could create serious risks for unauthorized system access, patient privacy exposure, public health data compromise, phishing, impersonation, and government-sector fraud.
Status:
Unverified underground forum sale listing. The actor claims verified credentials are available for $200 and states the sale is limited to serious buyers through forum escrow.
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to be selling verified credentials allegedly tied to a Brazil Government Health Portal.
━━━━━━━━━━━━━━━━━━━━
Target: Brazil Government Health Portal
Sector: Government / Healthcare / Public Health
Incident: Credential Sale
Exposure: Verified credentials
Actor: Florence
Country: Brazil
Price: $200
Date: 19/05/2026
━━━━━━━━━━━━━━━━━━━━
What’s allegedly included:
▪️ Verified credential access allegedly linked to a government health portal
▪️ Government healthcare system login access
▪️ Portal access details offered through forum escrow
▪️ Unknown revenue or access scope
▪️ Buyer-only access with direct forum contact required
▪️ Healthcare-related public-sector system exposure
Potential impact:
The alleged access could create serious risks for unauthorized system access, patient privacy exposure, public health data compromise, phishing, impersonation, and government-sector fraud.
Status:
Unverified underground forum sale listing. The actor claims verified credentials are available for $200 and states the sale is limited to serious buyers through forum escrow.
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
🔥1
‼️ New Dark Web Informer Blog Post!
Title: Canada Beauty Salon database shared: 1M+ business lead records posted from beauty and cosmetics sector
Link: https://darkwebinformer.com/canada-beauty-salon-database-shared-1m-business-lead-records-posted-from-beauty-and-cosmetics-sector/
Title: Canada Beauty Salon database shared: 1M+ business lead records posted from beauty and cosmetics sector
Link: https://darkwebinformer.com/canada-beauty-salon-database-shared-1m-business-lead-records-posted-from-beauty-and-cosmetics-sector/
Dark Web Informer
Canada Beauty Salon database shared: 1M+ business lead records posted from beauty and cosmetics sector
A forum user claims to have shared a large business lead database focused on beauty salons, cosmetics businesses, and related personal care services across Canada and international regions.
🚨🇩🇪 Saarland University allegedly breached: 42K student database records leaked
A threat actor claims to have published the full student database tied to Saarland University, a public research university in Germany.
━━━━━━━━━━━━━━━━━━━━
Target: Saarland University
Sector: Education / Higher Education / Student Records
Incident: Database Leak
Exposure: 42K student records
Actor: StrikerDE
Country: Germany
Date: 19/05/2026
━━━━━━━━━━━━━━━━━━━━
What’s allegedly included:
▪️ Student database records allegedly linked to Saarland University
▪️ User and account profile fields
▪️ Names and university email addresses
▪️ Location and country-related fields
▪️ Role or permission-related account metadata
▪️ Student and import-related system records
▪️ Moodle user and course-related file references
▪️ Compressed and uncompressed database files referenced by the actor
Potential impact:
The exposed data could be used for phishing, credential targeting, student impersonation, account takeover attempts, and social engineering against students, faculty, and university staff.
Status:
Unverified underground forum claim. The actor posted sample student records and claims the download is hidden behind forum access.
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor claims to have published the full student database tied to Saarland University, a public research university in Germany.
━━━━━━━━━━━━━━━━━━━━
Target: Saarland University
Sector: Education / Higher Education / Student Records
Incident: Database Leak
Exposure: 42K student records
Actor: StrikerDE
Country: Germany
Date: 19/05/2026
━━━━━━━━━━━━━━━━━━━━
What’s allegedly included:
▪️ Student database records allegedly linked to Saarland University
▪️ User and account profile fields
▪️ Names and university email addresses
▪️ Location and country-related fields
▪️ Role or permission-related account metadata
▪️ Student and import-related system records
▪️ Moodle user and course-related file references
▪️ Compressed and uncompressed database files referenced by the actor
Potential impact:
The exposed data could be used for phishing, credential targeting, student impersonation, account takeover attempts, and social engineering against students, faculty, and university staff.
Status:
Unverified underground forum claim. The actor posted sample student records and claims the download is hidden behind forum access.
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
🚨🇦🇷 Ruca Baruk Boxer allegedly leaked: 624K personal and contact records exposed
A threat actor using the alias Databasehooligan claims to be selling a dataset allegedly originating from rucabarukboxer.com.ar, an Argentina-based organization connected to dog owner, dog profile, and service booking records.
The actor claims the dataset includes approximately 624,000 records across contacts, dog profiles, and service bookings.
━━━━━━━━━━━━━━━━━━━━
Target: Ruca Baruk Boxer
Country: Argentina
Sector: Pet Services / Dog Breeding / Customer Records
Incident Type: Alleged Database Sale
Claimed Exposure: 624K records
Actor: Databasehooligan
Price: $1,200
━━━━━━━━━━━━━━━━━━━━
According to the post, the dataset allegedly contains customer contact details, emails, phone numbers, addresses, usernames, national ID fields, profile metadata, dog breed and health-related information, vaccination details, microchip numbers, service appointment records, payment status fields, booking notes, feedback notes, and related operational data.
Why it matters:
If authentic, this data could be abused for phishing, identity targeting, customer impersonation, fraud, social engineering, and targeted scams involving pet owners or service customers.
Status:
This remains an unverified underground forum claim. The actor posted sample file links and claims the dataset is available for purchase.
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor using the alias Databasehooligan claims to be selling a dataset allegedly originating from rucabarukboxer.com.ar, an Argentina-based organization connected to dog owner, dog profile, and service booking records.
The actor claims the dataset includes approximately 624,000 records across contacts, dog profiles, and service bookings.
━━━━━━━━━━━━━━━━━━━━
Target: Ruca Baruk Boxer
Country: Argentina
Sector: Pet Services / Dog Breeding / Customer Records
Incident Type: Alleged Database Sale
Claimed Exposure: 624K records
Actor: Databasehooligan
Price: $1,200
━━━━━━━━━━━━━━━━━━━━
According to the post, the dataset allegedly contains customer contact details, emails, phone numbers, addresses, usernames, national ID fields, profile metadata, dog breed and health-related information, vaccination details, microchip numbers, service appointment records, payment status fields, booking notes, feedback notes, and related operational data.
Why it matters:
If authentic, this data could be abused for phishing, identity targeting, customer impersonation, fraud, social engineering, and targeted scams involving pet owners or service customers.
Status:
This remains an unverified underground forum claim. The actor posted sample file links and claims the dataset is available for purchase.
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
gitGraber: Monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
GitHub: https://github.com/hisxo/gitGraber
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
GitHub: https://github.com/hisxo/gitGraber
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations