A threat actor using the handle cyandiboo is selling an alleged 4 GB SQL dump from the National Bank of Ukraine’s souvenir coin sales site (coins.bank.gov.ua) on DarkForums. The dataset reportedly contains ~1.5 million records across customer and orders tables, including emails, phone numbers, MD5 password hashes, full names, shipping addresses, tax IDs, passport numbers, and bank_id_token fields. #cyandiboo #NationalBankofUkraine
Keypoints
- Threat actor “cyandiboo” posted a DarkForums listing claiming to sell a 4 GB SQL dump from coins.bank.gov.ua.
- The dataset is described as containing approximately 1.5 million total records across two files.
- The customers table reportedly contains ~270,000 records with emails, phone numbers, and MD5 password hashes.
- The orders table reportedly contains ~1.2 million records including full names, shipping addresses, phone numbers, and emails.
- Sample columns in the listing reference customers_inn (tax IDs), customers_passport, and bank_id_token, and the incident is labeled a high-severity data breach affecting the National Bank of Ukraine’s coin service.
DarkWebInformer.com Providing intel from some of the darkest places on the Dark Web & Clearnet. Breaches, Darknet Markets, Ransomware, Threat Alerts, & more!