Starpool Data Breach

Alleged

Ransomware claim involving Starpool.

Published: Jul 1, 2026 World Leaks
Threat Level: High
Confidence: High

Quick Summary

Company: Starpool
Industry: Business Services
Threat Actor: World Leaks
Date of Incident: Jul 1, 2026
Status: Alleged

Executive Summary

Starpool, a consumer services company based in Italy, has been listed as a victim on the World Leaks extortion group’s dark web portal, published on July 1, 2026. The listing was identified through SOCRadar’s Dark Web Monitoring service. Starpool is classified within consumer services, consistent with a wellness and spa-equipment manufacturer serving consumer-facing markets. Italy is one of the countries where World Leaks has concentrated its recent listings. In the period leading up to this listing, World Leaks claimed 13 other victims, showing a targeting pattern in the manufacturing, healthcare, and business services sectors, primarily in the United States, India, and Italy. Notable organizations with similar profiles recently listed by World Leaks include COMHAR, Reliance Group, Centra Sota Cooperative, and First Federal Savings & Loan. Starpool aligns with the group’s presence in Italy and its focus on consumer services within its broader sector mix.

Technical Analysis

Initial-access correlation against SOCRadar’s stealer-log telemetry surfaced a notable exposure for the starpool.com domain. The returned sample contained corporate credentials for Microsoft identity providers, along with widespread third-party and internal network logins. This indicates an active endpoint compromise and a direct risk to corporate single sign-on. This finding should be treated as credential exposure that exists in parallel to the leak-site listing, rather than a confirmed entry vector for the World Leaks group. World Leaks operates as a data-theft extortion group, and infostealer-driven initial access is not its dominant modus operandi. It is not possible to infer whether the exposed credentials played any role in this incident. However, the surfacing of corporate identity credentials in commodity logs warrants prompt rotation of credentials and a review of SSO authentication, independent of their link to this specific listing.
