Get Your Free Report
Start for Free
SOCRadar® Cyber Intelligence Inc. | Alleged Brooks, Keepcool, Truecaller Bot, DAMAC, and US Resume Data Claims
Jul 13, 2026
5 Mins Read
Moon

Alleged Brooks, Keepcool, Truecaller Bot, DAMAC, and US Resume Data Claims

SOCRadar Dark Web Team identified several new underground posts, including the resurfacing of an alleged legacy Brooks International database, a claimed Keepcool member database leak, and an alleged Truecaller Telegram bot dataset sale. Other listings involved DAMAC Properties customer records and a large U.S. resume dataset, showing how both fresh and historical data continue to circulate in underground forums.

Receive a Free Dark Web Report for Your Organization:

Alleged Brooks International Legacy Data Resurfaces

brooks international legacy database dump resurfaces

SOCRadar Dark Web Team detected a forum post re-sharing an alleged legacy database dump linked to Brooks International, a global professional services firm. The poster claimed the archive was originally sourced from RaidForums and dated back to before 2020, describing it as an older dataset they were reposting rather than a newly obtained breach.

The shared archive was listed as 13.4 GB, but the actor did not provide clear details on the exact data fields or the original intrusion method. Although the alleged breach is historical, resurfaced legacy datasets can still create risk when they contain outdated but reusable corporate, client, or credential-related information. Such data may support phishing, identity theft, or credential stuffing if affected users have not rotated old credentials.

Alleged Keepcool Member Database Leak is Detected

keepcool member database leak detected french fitness

SOCRadar Dark Web Team detected a threat actor post on a dark web forum claiming a partial database dump from Keepcool.fr, a French fitness club chain. The actor claimed the dump was dated February 20, 2026, and contained 287,842 member records.

The post claimed the exposed data included full names, email addresses, phone numbers, dates of birth, gender, membership plan details, club locations, and last gym visit information. The actor also claimed they extracted hardcoded admin credentials from Keepcool’s app, obtained a JWT token, and abused a BOLA-style API issue to enumerate and dump member records.

Alleged Truecaller Bot Database Sale is Detected

truecaller bot telegram database sale advertised

SOCRadar Dark Web Team detected a threat actor post advertising the alleged full database of a “Truecaller bot” Telegram bot. The seller claimed the bot retrieves phone number information from multiple sources, including Truecaller and CallApp-like services.

The listing claimed the database contains nearly 6.7 billion unique records and was current as of July 11, 2026. The actor said the dataset is stored in JSONL format, priced the complete database at $5,000, and also offered country-specific records for lower prices. If authentic, this type of dataset could support large-scale phone number enrichment, spam campaigns, impersonation, and targeted social engineering.

Alleged DAMAC Properties Database Sale is Detected

damac properties uae database sale detected online

SOCRadar Dark Web Team detected a post claiming the sale of a DAMAC Properties database containing 400,000 UAE-only records. The actor claimed the data was fresh and had been downloaded from DAMAC’s website before the exposed vulnerabilities were closed.

The seller stated that proof of data access could be shown through samples and asked $10,000, accepting crypto payments only. The post did not provide a detailed field list, but a real estate customer database could expose names, contact details, property interest data, and other customer records that may be valuable for fraud, phishing, and investment-related scams.

Alleged 11 Million US Resume Dataset is Detected

11 million us resume dataset job seeker data

SOCRadar Dark Web Team detected a threat actor post advertising a large collection of 11 million U.S. job seeker resumes, described as totaling around 1TB and spanning more than 20 years. The actor claimed the collection included both recent real-time data and older historical records.

The listed fields included user IDs, registration dates, first and last names, email addresses, phone numbers, street addresses, city, state, ZIP code, country, resume file metadata, resume size, creation and modification dates, and saved filenames for documents such as PDF, DOCX, and DOC files. Because resumes often include work history, education, skills, and contact information, this kind of exposure can enable highly personalized phishing, recruitment scams, identity theft, and business email compromise preparation.

Powered by DarkMirror™

Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, monitoring all sources is simply not feasible, which can be time-consuming and challenging. One click-by-mistake can result in malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow up with the latest posts of threat actors and groups filtered by the targeted country or industry.