SOCRadar® Cyber Intelligence Inc. | Alleged Okta Leak, MTS Bank Data Sale, Naucalpan, SSH Access, and Flawireless Claims
Jun 29, 2026

SOCRadar Dark Web Team identified several new underground posts involving alleged database leaks and access sales. The activity includes an alleged SQL database leak tied to Naucalpan de Juarez services in Mexico, an alleged 3.29 million-record Okta dataset, and an alleged 1 million-record MTS Bank customer database. Other posts advertised alleged SSH root access to a Chinese PDF file-sharing service and a leaked database linked to Flawireless, a U.S.-based mobile accessories and refurbished electronics wholesaler.

Alleged Naucalpan de Juarez SQL Database Leak is Detected

SOCRadar Dark Web Team detected a threat actor post claiming a leaked SQL database tied to Mexico – Tramites y Servicios Naucalpan de Juarez. The post included Naucalpan-related branding and claimed the data was leaked by multiple actors, with a download link shared through Telegram.

The visible sample suggests structured records linked to local services or administrative data. If authentic, this type of municipal dataset could expose residents or service users to identity fraud, phishing, and document-based social engineering.

Alleged Okta Dataset of 3.29 Million Records is Leaked

SOCRadar Dark Web Team detected a post claiming exposure of 3,298,572 Okta records. The actor described Okta as an identity and access management provider and claimed the exposed records came from support portal and community user accounts.

The listed fields included display name, last name, community nickname, user type, last login date, account status, portal access, email verification, phone verification, time zone, locale, user ID, and profile ID. If valid, the data could support targeted phishing against Okta users by referencing account or portal-related details.

Alleged MTS Bank Customer Database is Offered for Sale

SOCRadar Dark Web Team detected a listing advertising an alleged MTS Bank financial customer database from Russia. The actor claimed the dataset contained approximately 1 million customer records from a 2025 dataset.

The post listed compromised data such as full legal names, national identification or tax identifiers, citizenship information, gender, date of birth, mobile phone numbers, customer IDs, internal banking identifiers, and account-related metadata. If authentic, this exposure could enable identity theft, banking fraud, and highly targeted phishing against affected customers.

Alleged SSH Root Access to a Chinese PDF File-Sharing Service is Auctioned

SOCRadar Dark Web Team detected an auction post advertising alleged SSH root access to a Chinese PDF file-sharing service. The seller claimed the service hosted around 350GB of files, received about 5,000 visitors per day, and handled roughly 500 unique PDF downloads per day.

The auction terms listed a $50 start, $50 step, and $350 blitz price. Root-level access claims are especially serious because they may enable data theft, service disruption, malware hosting, or further infrastructure abuse if the access is valid.

Alleged Flawireless Database Leak is Detected

SOCRadar Dark Web Team detected a post claiming a leaked database linked to Flawireless, operating under the trade name Techy Extra, a U.S.-based wholesaler focused on mobile phone accessories and refurbished electronics.

The actor shared database table references including discount_code.csv and invoices.csv, with the invoice fields showing customer, payment, shipping, tax, product, company, email, phone, and address-related data. If authentic, the exposure could create risks for customer phishing, invoice fraud, business email compromise, and targeted scams using order or shipping details.

Powered by DarkMirror™

Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, monitoring all sources is time-consuming, challenging, and simply not feasible. A single mistaken click can result in a malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen lets your SOC team follow the latest posts of threat actors and groups, filtered by targeted country or industry.