Jul 07, 2025
New Alleged Leaks Hit Vodafone Egypt, SAP Israel, OKX, and T-Mobile US
SOCRadar’s Dark Web Team has detected multiple alleged database listings this week involving high-profile companies across telecom, technology, and finance sectors. Threat actors claim to be selling or leaking user data associated with Vodafone Egypt, SAP Israel, OKX, and T-Mobile US.
Receive a Free Dark Web Report for Your Organization:
Alleged Database of Vodafone Egypt is on Sale
SOCRadar Dark Web Team has identified a new alleged database leak for Vodafone Egypt shared on a dark web forum. The threat actor claims the dataset contains 29 million records and is offered in CSV format. According to the post, the database includes full names, phone numbers, dates of birth, gender, Facebook profiles, usernames, physical addresses with city and location details, and email addresses.
Alleged Database of SAP Israel is Leaked
SOCRadar has identified a new alleged database leak involving SAP Israel shared on a dark web forum. The threat actor claims to have breached sap.com/israel and leaked the data of 38,000 employees. The exposed information allegedly includes user IDs, usernames, mobile phone numbers, status, subscription package details, email addresses, registration dates, organization names, dates of birth, gender, and account activity status.
Alleged User Database of OKX is on Sale
SOCRadar has identified a new alleged user database sale related to the cryptocurrency platform OKX on a dark web forum. The threat actor claims the dataset contains 56 million records and is labeled as “New Data 2025.” The shared sample suggests the data includes serial numbers, full names, countries, email addresses, phone numbers, registration dates, associated brands, and payment types. The database is offered for $1,250, and the post includes a Tox ID for contact.
Alleged Database of T-Mobile US is on Sale
SOCRadar has identified a dark web post offering for sale a database allegedly containing 64 million customer records from T-Mobile US. According to the shared sample, the dataset includes email addresses, full names, dates of birth, physical addresses, phone numbers, IP addresses, and other unspecified data fields.
Powered by DarkMirror™
Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, monitoring all sources is simply not feasible, which can be time-consuming and challenging. One click-by-mistake can result in malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow up with the latest posts of threat actors and groups filtered by the targeted country or industry.
Related Articles
Subscribe to our newsletter and stay updated on the latest insights!