DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Babuk re-organizes as Payload Bin, offers its first leak

Posted on May 31, 2021 by Dissent

At the end of April, threat actors known as Babuk indicated that they were closing up shop and switching to a different model:

Babuk changes direction, we no longer encrypt information on networks, we will get to you and take your data, we will notify you about it if you do not get in touch we make an announcement.

Also for other groups that do not have their own blog or have but they want to exert additional pressure, you can not be placed with us.

Two weeks later, they wrote:

Hello! We announce the development of something really cool, a huge platform for independent leaks, we have no rules and bosses, we will publish private products in a single information platform where we will post leaks of successful no-name teams that do not have their own blogs and names, these are not girls who run with ship like rats and change the policy of their resources. these are really strong guys.

Another loud leak awaits you within a week.

Today, we began to see the changes as the site is now called Payload Bin.

Image: DataBreaches.net

The About and Rules pages are not available yet and so far there is only one leak listed under Announcements:  CD Projekt. CD Projekt was attacked in February by attackers using what is believed to be the Hello Kitty ransomware. The hackers had put the stolen source code up for sale on a Russian-language forum, listing it all as:

  • Full sources for the games Thronebreaker , Witcher 3 , the undeclared Witcher 3 RTX (the version of the Witcher with raytracing) and of course Cyberpunk 2077
  • Dumps of internal documents
  • CD Projekt RED offenses .

They subsequently withdrew the auction listing, claiming that they had received a satisfactory offer from outside of the forum, and that because of a condition of no further distribution, they were removing the listing from auction.

Source code withdrawn from auction. Image: DataBreaches.net

Now Payload Bin says they will make all source code available on its site. So what, exactly, happened to that sale with “no further distribution?”

Image: DataBreaches.net

Related:

  • Two more entities have folded after ransomware attacks
  • British institutions to be banned from paying ransoms to Russian hackers
  • Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks
  • Global hack on Microsoft product hits U.S., state agencies, researchers say
  • Premier Health Partners issues a press release about a breach two years ago. Why was this needed now?
  • Authorities released free decryptor for Phobos and 8base ransomware
Category: Breach IncidentsMalwareOf Note

Post navigation

← Claiming to be the “new generation,” threat actors declare, “No more discounts or long negotiations”
IA: Union Community School District publicly silent after threat actors dump files on dark web →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Six months after discovering an attack, Northwest Radiologists notifies almost 350,000 Washington State residents
  • As ransomware gangs threaten physical harm, ‘I am afraid of what’s next,’ ex-negotiator says
  • Dermatology Clinics Affected by Practice Management Company Data Breach
  • UK: Physiotherapist who accessed patient’s personal data to visit her home is struck off
  • Genoa Community Hospital discloses breach discovered in March
  • In Singapore, 147,000 customer records exposed in Cycle & Carriage data breach
  • New adult safeguarding toolkit to help protect vulnerable adults’ data
  • Hacker Arrested for Data Theft Targeting Spanish Bank Customers
  • Hackers Allegedly Breach Nokia’s Internal Network
  • State Legislation : Rhode Island Enacts New Financial Institutions Cybersecurity Law With Immediate Effect

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Nebraska Attorney General Sues GM and OnStar Over Alleged Privacy Violations
  • Federal Court Allows Privacy Related Claims to Proceed in a Proposed Class Action Lawsuit Against Motorola
  • Italian Garante Adopts Statement on Health Data and AI
  • Trump administration is launching a new private health tracking system with Big Tech’s help
  • Attorney General James Takes Action to Protect Sensitive Personal Information of Tens of Millions of People
  • Searches of Your Private Data in the Cloud Amount to Illicit State Action
  • How a Tax Subpoena in Ohio Tests European Privacy Law

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.