Jan 28, 2025
Lyca Mobile Breach, U.S. Government VPN Access, TalkTalk Data Leak Among Latest Cyber Threats
This week, hacker forums revealed several alarming cyber incidents, including an alleged database leak from Lyca Mobile France and the sale of unauthorized VPN access to a U.S. city government network. Other significant findings include a breach impacting millions of TalkTalk customers, stolen medical insurance data of Brazilian citizens, and sensitive records from Indonesia’s Network Information Center (IDNIC). These incidents underscore the growing cyber risks facing governments, businesses, and individuals globally.
Receive a Free Dark Web Report for Your Organization:
Alleged Database of Lyca Mobile is Leaked
SOCRadar Dark Web Team detected a new alleged database leak involving Lyca Mobile France. The threat actor claims to have uploaded the stolen data, obtained in January 2025, affecting over 1.2 million users, including 375,000 unique email addresses. The compromised data reportedly includes email addresses, phone numbers, account balances, and additional unspecified information.
Alleged Medical Insurance Data of Brazilian Citizens are on Sale
SOCRadar Dark Web Team detected a post on a hacker forum advertising the sale of alleged medical insurance data belonging to Brazilian citizens. The dataset reportedly contains 190,000 records, including full names, email addresses, phone numbers, addresses or regions, and insurance and medical policy details.
Alleged Unauthorized VPN Access Sale is Detected for Government of the United States
SOCRadar Dark Web Team detected a post on a hacker forum offering unauthorized VPN access to a city government network allegedly belonging to one of the top 10 largest cities in the United States. The access involves a Cisco ASA VPN, and the threat actor claims limited exploration was conducted, revealing a potential web panel for a police department and the presence of a sizable database.
Alleged Database of Indonesia Network Information Center is on Sale
SOCRadar Dark Web Team detected a post on a hacker forum advertising the sale of an alleged database belonging to the Indonesia Network Information Center (IDNIC), the National Internet Registry responsible for administering IP addresses in Indonesia. The dataset, formatted as a .TXT file, allegedly contains over 1,000,518 lines of information, including fields such as admin and technical contacts, authentication details, addresses, phone numbers, emails, and other related data. The total size of the database is 29.6 MB.
Alleged Database of TalkTalk is on Sale
SOCRadar Dark Web Team detected a post on a hacker forum advertising the sale of an alleged database belonging to TalkTalk. According to the post, the breach occurred in January 2025 and reportedly impacts 18,839,551 current and former customers. TalkTalk is a British telecommunications company that provides pay television and internet access services to businesses and consumers in the United Kingdom.
The dataset allegedly contains customer information, including Subscriber Properties PIN, first and last names, email addresses, last accessed IP addresses, business phone numbers, and home phone numbers.
Powered by DarkMirror™
Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, monitoring all sources is simply not feasible, which can be time-consuming and challenging. One click-by-mistake can result in malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow up with the latest posts of threat actors and groups filtered by the targeted country or industry.
Related Articles
Dark Web Profile: FunkSec
Dark Web Profile: OilRig (APT34)
Jan 22, 2025
Subscribe to our newsletter and stay updated on the latest insights!
