Italian Hospitality and AT&T Data Claims, Hinge Dump Sale, Meta Llama Leak, and MobiFriend Dataset
SOCRadar’s Dark Web Team identified several new underground posts, including an alleged 230,000-customer dataset tied to an Italian hospitality business and a separate listing promoting a 500,000+ record AT&T mobile consumer dataset. Other posts advertised an alleged 8 million-record Hinge database dump, a 219GB Meta Llama AI package shared via torrent, and a 3.6 million-record “user analytics” dataset labeled as MobiFriend.
Receive a Free Dark Web Report for Your Organization:
The Alleged Database of an Italian Hospitality is on Sale

SOCRadar Dark Web Team detected a threat actor post advertising an alleged customer dataset linked to an Italian hospitality organization. The seller claimed the database contained 230,000 customer records from Italy and framed the listing as data-only, not access.
The listing also referenced revenue below $16M and stated the price as $1 “as per forum rules,” while emphasizing use of a guarantor and discouraging messages from “time wasters” or anyone asking about system access.
The Alleged Database of AT&T is on Sale

SOCRadar Dark Web Team detected a post promoting an alleged USA AT&T Mobile Consumer Database with 500,000+ records, described as consumer or market research data tied to 2025. The actor listed fields commonly used for identity-focused targeting, including full name, mobile phone number, street address, city, state, and ZIP code, and claimed the dataset was available in Excel/CSV/TXT formats.
If authentic, this kind of record set can raise the likelihood of smishing, vishing, and identity-based scams, since phone and address data makes it easier to validate targets and craft believable pretexts.
The Alleged Database of Hinge is on Sale

SOCRadar Dark Web Team detected a listing advertising a “full dump” of Hinge users, with the seller claiming 8 million records and a price of $400 paid in cryptocurrency. The post included a sample link and direct contact handles for buyers.
Even when listings omit exact field details, large claimed user dumps like this typically get reused for follow-on abuse such as targeted phishing, account takeover attempts, and profile enrichment when combined with other breach data.
The Alleged Meta Llama AI Source Code Package is Leaked

SOCRadar Dark Web Team detected a post claiming a 219GB torrent containing Meta’s Llama AI materials across multiple model sizes, including 7B, 13B, 30B, and 65B. The actor described the package as containing model checkpoints plus supporting files such as configuration and tokenizer artifacts, alongside scripts and usage notes.
Leak claims involving large AI packages can create dual risk: intellectual property exposure for the owner and downstream misuse when models or tooling get repurposed for abuse-focused automation and social engineering.
The Alleged Database of MobiFriend is Leaked

SOCRadar Dark Web Team detected a listing advertising a “Global Social Platform User Analytics Dataset” described as 3,687,346+ lines and distributed as an SQL archive. The post claimed the dataset included fields such as user ID, username, email domain, gender, date of birth, registration date, last activity, and location-related attributes like country code and ZIP/postal code.
Even if the seller positioned the data for research or analytics, these attributes can still support targeted scams and profiling, especially when combined with fresher leaks that provide direct emails, phone numbers, or passwords.
Powered by DarkMirror™
Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, monitoring all sources is simply not feasible, which can be time-consuming and challenging. One click-by-mistake can result in malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow up with the latest posts of threat actors and groups filtered by the targeted country or industry.
