Alleged Rogers, StockX, and Tax Office Data Sales Plus Crypto, Bank, and Magento Listings

SOCRadar’s Dark Web Team identified several new underground posts this week, including an alleged database sale tied to Rogers Communications and Fido, a U.S.-focused tax office dataset advertised with sensitive tax and banking fields, and multiple credential-oriented listings connected to Australian banks and crypto platform users. Additional posts promoted an alleged StockX user database sale and an alleged Magento vulnerability listing marketed as a limited-availability “0 day” offer.

Receive a Free Dark Web Report for Your Organization:

Alleged Database of Rogers Communications is on Sale

SOCRadar Dark Web Team detected a threat actor post on a dark web forum advertising the sale of an alleged database linked to Rogers Communications and its subsidiary Fido.

The seller claims the dataset contains 10.9 million lines of customer data sourced from Rogers Mobile and Fido. The listing advertises an asking price of $300,000, states the deal will be handled through an escrow-style “garant” process, and includes samples with a request for private contact via direct messages or Telegram.

The Alleged Database of an American Tax Office is on Sale

SOCRadar Dark Web Team detected a threat actor post on a dark web forum advertising the sale of an alleged USA-only tax office database.

According to the listing, the dataset includes 300,000+ users and is described as a large TXT file containing numerous data items, including tax forms such as 1040/W-2 and payment-related references spanning 2022–2025. The seller also lists fields suggesting highly sensitive PII and financial content such as names, addresses, phone numbers, emails, dates of birth, SSNs, driver’s license data, and banking identifiers. The post frames the sale as an auction, starting at $4,000 with a $8,000 “blitz” price and a 72-hour extension model after each bid.

Alleged Login Credentials of Australian Banks are on Sale

SOCRadar Dark Web Team detected a threat actor post on a dark web forum advertising alleged login credentials associated with multiple Australian financial institutions.

The post lists targets such as St.George, IMB, CommBank, Westpac, pulsecredit.com.au, and Qudos Bank, with pricing tiers based on volume (1K+ to 10K+). The seller indicates that interested parties should request details via private messages, implying bulk credential distribution rather than a single organization-specific breach claim.

Alleged Database of Multiple Crypto Platform Users is on Sale

SOCRadar Dark Web Team detected a threat actor post on a dark web forum advertising a multi-platform dataset tied to crypto service users and related identifiers.

The listing claims millions of records spread across platforms such as Gemini, Coinbase, Robinhood, Ledger, CoinMarketCap, Cointracker, Gatehub, Hitfinex, Paxful, and “other platforms,” along with Twitter handle data. The post also describes a generalized file structure including first name, last name, email, phone, country, and source, suggesting a consolidated “lead-style” dataset intended for profiling and targeting.

Alleged Database of StockX is on Sale

SOCRadar Dark Web Team detected a threat actor post on a dark web forum advertising the sale of an alleged StockX user dataset.

The seller claims the data covers 16 million users and references a dataset size of 5GB+. The post lists fields such as email, username, names, hashed password values, IP and device indicators, language, and address-related entries, and states the seller is offering the package as a full dump rather than partial sales.

The Alleged 0-Day Vulnerability Sale is Detected for Magento

SOCRadar Dark Web Team detected a threat actor post on a dark web forum advertising an alleged Magento vulnerability listing described as a “0/1 day,” with the seller claiming there is no CVE associated at the time of posting.

The advertisement claims the issue affects Magento 2 up to 2.4.9-alpha2 and is priced at $30,000, with the seller stating only two copies are available. The post directs interested parties to private messages for details and references escrow-style handling for the transaction.

Powered by DarkMirror™

Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, monitoring all sources is simply not feasible, which can be time-consuming and challenging. One click-by-mistake can result in malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow up with the latest posts of threat actors and groups filtered by the targeted country or industry.