Dark Web Leak Claims Target Colis Privé and Multiple Online Services
Dark web monitoring reports described unverified data leak claims involving several organizations, including French parcel delivery firm Colis Privé. One post on BreachForums allegedly offered an upload of 22,564,381 records attributed to Colis Privé, described as .jsonl files totaling ~4.1 GB; no specific threat actor attribution or company confirmation was cited, and the notice characterized the situation as informational while scope is assessed. If authentic, the scale and format of the dataset would materially increase risk of identity theft, credential stuffing, and targeted phishing against customers.
Separate dark web forum posts also alleged database exposures affecting JobsGO (Vietnam recruitment platform), MyVete (veterinary management platform), PIXPAY (Senegalese payment service), and Groupe Fondasol (France-based engineering). The claimed datasets reportedly include CV/personal records, and in some cases API credentials and employee metadata, with example figures including ~2.3 million records for JobsGO and ~5.57 million records for MyVete (verification not indicated). Across the claims, the primary business risk is downstream abuse of exposed personal and operational data for social engineering, recruitment fraud, and account takeover, rather than immediate exploitation of a specific software vulnerability.
Related Stories

Dark Web Leak Claims Target Multiple Organizations, Including Salesfloor and Republic
Dark web monitoring reports surfaced multiple **alleged data leaks** affecting unrelated organizations, with several listings offering databases for sale or direct download. Reports claim **Republic (republic.com)** user data (~4.94M users) was listed for sale for **$2,400**, allegedly including names, emails, physical addresses, and phone numbers. Separate dark web listings also alleged exposure of **rueducommerce.fr** user data (linked in reporting to **Carrefour**) totaling ~2.17M records with similar PII, as well as alleged leaks involving **Dunzo** (~3.4M records) and **Menulux** (~93K records). Additional reporting highlighted a historical breach dataset for the **YouHack** forum (2013; ~107K users) containing usernames, emails, passwords, IPs, posts, and private messages, and a smaller exposure tied to **buylottoonline.com** (~38.5K email records). One of the most consequential claims involved **Salesfloor / People Powered E-Commerce (salesfloor.net)**, attributed in reporting to **LAPSUS$**, alleging theft of roughly **4 TB uncompressed** (1 TB compressed) data including **source code, logs, and customer information**, with potential downstream impact to retail brands using the platform.
Separately from the dark-web-leak theme, other items in the set describe distinct vulnerability-driven risks rather than breach listings: **Zoom Node MMRs** command injection (**CVE-2026-22844**, CVSS 9.9) enabling arbitrary code execution in certain hybrid meeting deployments; **SmarterMail** auth bypass (**CVE-2026-23760**) enabling admin password reset via `force-reset-password` and potential RCE; **Vite** improper access control (**CVE-2025-31125**) enabling sensitive file exposure via query parameters such as `?inline&import` / `?raw&import` (noted as added to CISA KEV); and **Appsmith** password-reset token exposure (**CVE-2026-22794**) enabling account takeover, with internet-exposed instances identified via Shodan and remediation via upgrade to *Appsmith* 1.93. These vulnerability reports are separate from the dark web leak claims and should be tracked as independent patching priorities rather than as part of a single breach event.
1 month ago
Multiple Data Exposure and Breach Reports Involving French Citizens, Victorian Students, and Alleged PayPal Credentials
Security researchers reported a large, publicly exposed database on an open cloud server containing **tens of millions of French citizen records** aggregated from at least five prior breaches, including voter data, healthcare entries, CRM contacts, financial profiles (including **IBANs/BICs**), and vehicle-related information. The dataset appears to have been compiled to increase resale value and enable identity cross-linking, elevating risks of **phishing, fraud, and identity theft**. Separately, Australia’s **Victorian Department of Education** notified parents that an unauthorized party accessed a student database containing names, school names, year levels, school-issued email addresses, and **encrypted passwords**, prompting a forced password reset and temporary account access disruption; the department stated more sensitive fields (e.g., home addresses, phone numbers) were not exposed and investigators had not confirmed public release. In another unrelated report, researchers questioned the veracity of a newly claimed **PayPal** breach, assessing a ~100,000-record credential “combolist” as likely **outdated infostealer-log data** rather than evidence of a fresh PayPal compromise, noting PayPal’s prior refutation of similar claims and the practical barriers posed by MFA.
1 month ago
Massive Data Exposure via Misconfigured Elasticsearch Server Containing 6 Billion Records
A misconfigured Elasticsearch server, believed to be operated from Russia or a Russian-speaking country, was discovered leaking over 6.19 billion records to the public internet without any authentication or password protection. The exposed server contained a massive trove of 1.12 terabytes of data, including records collected from both disclosed and undisclosed data breaches, as well as information obtained through website scraping. Among the most sensitive data found were records from Ukrainian bank Accordbank, which included users’ full names, birthdates, birthplaces, addresses, phone numbers, national ID numbers, passport numbers, and tax codes. Independent cybersecurity researcher Anurag Sen was the first to identify the exposed server and report its existence to the media. The server’s index information confirmed the scale of the exposure, with over 6.19 billion records available for anyone to access. Screenshots from the server revealed that the data was stored in JSON format and included detailed personally identifiable information (PII) from various sources. The database also contained files referencing Accordbank, which were later observed being peddled by the user "tRex_Prime" on DarkForums, indicating that the data may have already been accessed and distributed by other threat actors. The leak included not only banking and contact information but also records from other breaches and data scraped from websites, making the exposure particularly broad and damaging. The server was eventually taken offline, but it remains unclear how long the data was accessible or how many unauthorized parties may have downloaded the information. Previous incidents involving hacking groups such as ShinyHunters and Nemesis were also mentioned, as they had leaked stolen data and hacking tools from other exposed cloud storage resources in the past. 
The incident highlights the ongoing risks associated with misconfigured cloud infrastructure and the potential for large-scale data aggregation to amplify the impact of breaches. Security experts warn that such exposed databases are prime targets for cybercriminals seeking to exploit PII for identity theft, fraud, and further attacks. The presence of both old and new breach data, as well as scraped information, demonstrates the evolving tactics of threat actors in collecting and monetizing sensitive information. Organizations are urged to regularly audit their cloud configurations and monitor for unauthorized data exposures to prevent similar incidents. The scale and sensitivity of the leaked data underscore the urgent need for improved security practices in managing large datasets, especially those containing PII from multiple sources. The incident serves as a stark reminder of the consequences of failing to secure cloud-based data storage and the far-reaching impact such exposures can have on individuals and organizations worldwide.
5 months ago