Powered by DarkMirror™
This week’s edition covers the latest dark web news from the past week . Attacks on company databases and stealing personal data are on the rise and took their place on the headlines this week. Click here to read the last week’s edition. Here are the details of the major events that took place on the deep web this week:
Database including 233 Million Brazilian Citizens’ Information on the Dark Web

On April 17, 2021, a vendor offered to sell a database allegedly including Brazilian citizens’ information on a dark web forum tracked by SOCRadar. While it is not clear how the database was obtained, the leaked data includes various PII (personally identifiable information) of 233 million Brazilian citizens. According to the vendor’s post, there are addresses, telephone numbers, vehicle data, education level and other information which can pose serious threats for people in the database.
Data of a Payment Aggregator registered in Singapore For Sale On the Dark Web
On April 17, 2021, a vendor attempted to sell data of a payment aggregator registered in Singapore on a dark web forum monitored by SOCRadar. According to the dark web post, The payment aggregator has a large number of clients from Europe and America. Moreover, the owners of the victim organization manage another firm registered in the UK and provide virtual bank accounts for different companies. The vendor asserted to seize a copy of the organization’s cloud, there is information about owners and all customers including documents for opening companies, the results of checks on the validity of the data provided, the presence in international criminal databases of both the company and the owner, bank accounts of owners and passports. The vendor also stated that the data is up-to-date.
Credential Database Put up For Sale on the Dark Web

On April 18, 2021, on a dark web forum monitored by SOCRadar, a credential database put for sale allegedly belonging to the UK, Saudi Arabia, Germany, France, the USA, Australia and South Africa. According to the dark web post, it is unknown on which platforms the credentials can be used but they are checked for emails. While the vendor did not give any information about the source, shared a sample of email results.
Access to an Online e-Shopping Platform from Thailand On Sale on the Dark Web

On April 19, 2021, a vendor posted a thread claiming to sell access to an e-shopping platform from Thailand, on a dark web forum tracked by SOCRadar. According to the dark web post, books and comics are sold on the victim platform and it has 130 thousand followers on social media. The vendor, asserting to get access by using FTP and phpMyAdmin, also stated that last month there were 2400 orders and the platform receives payments mostly with bank redirect.
A Database belonging to an Online Platform from Qatar on the Dark Web

On April 22, 2021, a vendor posted a thread claiming to sell a database of an online platform in the oil and gas sector from Qatar, on a dark web forum tracked by SOCRadar. Doha headquartered platform has a revenue of $13 million. According to the vendor, asserting to obtain the data with SQL injection, there are 83 thousand emails and phone numbers. According to SOCRadar Analyst these emails can be targeted by phishing and social engineering attacks.
Powered by DarkMirror™
Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, it is simply not feasible to monitor all sources which can be time-consuming as well as challenging. One click-by-mistake can result in malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow up with the latest posts of threat actors and groups filtered by targeted country or industry.