Alleged Axtria & Salesfloor Data Leaks Surface on Dark Web
SOCRadar’s Dark Web Team identified several new underground posts this week, including alleged data leaks involving Axtria and Salesfloor, a claimed user database sale linked to investment platform Republic, and an auction offering 1,000 credit cards spanning multiple regions.
Alleged Data of Axtria Are Leaked

SOCRadar Dark Web Team detected a threat actor post on a dark web forum alleging a data breach involving Axtria, a global provider of cloud software and data analytics solutions. The threat actor claims responsibility for the incident and states that the stolen data has been uploaded for download on a hacking forum.
According to the claim, the exposed material consists primarily of Axtria’s proprietary source code. Review of the shared directory structure suggests the exposure of multiple internal development repositories, including components related to sales performance and incentive management platforms, analytics and reporting modules, and operational dashboards. The dataset also appears to include assets linked to generative AI and agent-based services, indicating potential exposure of AI-driven product development work.
The leaked structure further points to the disclosure of infrastructure and backend components, such as containerized deployment configurations, orchestration-related files, and backend application logic tied to database schemas and service environments.
Alleged Data of Salesfloor Are Leaked

SOCRadar Dark Web Team detected a threat actor post attributed to LAPSUS$ claiming a breach of Salesfloor, a Canada-based SaaS provider focused on clienteling and conversational AI for omnichannel retail. The threat actor alleges the exfiltration of a large dataset, described as approximately 1 TB compressed and 4 TB uncompressed, and claims the data has been prepared for release.
According to the post, the allegedly compromised material includes full source code, development assets, SQL databases, system logs, user images, and customer PII tied to Salesfloor’s retail clients, including names, email addresses, phone numbers, CRM identifiers, and subscription-related flags. The threat actor also lists multiple well-known brands whose data was allegedly impacted, positioning the breach as affecting downstream retail customers rather than Salesfloor alone.
Alleged Database of Republic Is on Sale

SOCRadar Dark Web Team detected a threat actor post on a dark web forum advertising the sale of an alleged user database linked to Republic, an international investment platform offering access to startups, real estate, and crypto assets. The threat actor claims the compromise occurred in late January 2026 and lists the dataset for sale at a low price point.
According to the post, the database allegedly contains 4,942,704 user records. The exposed data is described as including email addresses, first and last names, physical addresses, city, state, postal code, country information, and phone numbers. Samples were referenced to support the claim.
Alleged 1,000 Credit Cards Belonging to Several Countries Are on Sale

SOCRadar Dark Web Team detected a threat actor post on a dark web forum advertising the sale of an alleged credit card dataset spanning multiple regions, including the United States, the United Kingdom, Europe, and Asia. The listing presents the cards in full format and claims a validity rate of 60 percent.
According to the post, the lot consists of 1,000 cards offered via an auction-style sale, with a starting price of 1,000, minimum bid increments of 200, and a buyout option set at 2,000. The auction is stated to conclude on February 28, 2026.
Powered by DarkMirror™
Visibility into deep and dark web threats is extremely useful for actionable threat intelligence and digital risk protection. However, monitoring all sources is time-consuming, challenging, and simply not feasible. A single mistaken click can result in a malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen lets your SOC team follow the latest posts of threat actors and groups, filtered by targeted country or industry.
