The LockBit ransomware gang’s dark web affiliate panels were defaced, exposing a MySQL database dump with sensitive information. This breach reveals detailed data including bitcoin addresses, victim negotiations, user passwords, and attack configurations, further damaging the group’s reputation. (Affected: LockBit ransomware infrastructure)
Key points:
- The LockBit ransomware gang’s dark web affiliate panels were defaced, with a message linking to a MySQL database dump.
- The leaked database contains twenty tables, including bitcoin addresses, attack builds, configurations, and victim negotiation chats.
- Passwords of 75 admins and affiliates were stored in plaintext, raising security concerns.
- The breach’s origin is unclear, but the defacement message suggests a possible link to other recent attacks like Everest ransomware.
- The server was running PHP 8.1.2, a version vulnerable to CVE-2024-4577, which is being actively exploited.
- This leak follows the 2024 law enforcement takedown of LockBit’s infrastructure, further damaging its reputation.
- The breach complicates LockBit’s operations, though the group has yet to confirm the full extent of data loss or private key exposure.