RiskBased Security writes:
News reports of websites being hacked and data being leaked has become an all too common occurrence. Most of the press focuses on popular or well known sites, rarely touching on leaks from sites that reside in the recesses of the “deep web” or “dark web”, accessible only by means such as TOR network software. While such breaches may happen frequently, they rarely see the light of day.
A few weeks ago, one such dark web site going by the name “Besa Mafia” became victim of a hacker using the handle “bRpsd”, who breached the site’s database and posted the information online where it was accessible to anyone. The information posted is a potential serious concern as the Besa Mafia site has a reputation as being an actual hitman-for-hire service with links to the Albanian mafia.
Data leaked in this breach contains user accounts, user personal messages, ‘hit’ orders posted to the site, and a folder named ‘victims’ that contains additional documents within it.
Read more on RBS. It feels odd tagging this under the “Business” sector, but it’s a business, right? Or should this be a “Miscellaneous,” which I usually reserve for not-for-profits, etc.?
Update: I was contacted by someone who claims to be an admin for the Besa Mafia site. The correspondent asked me to post comments submitted by email, which I have done, below this post. It’s obviously important to them that people believe the site really is a marketplace where you can hire hitmen, etc. But do note that the whole Besa Mafia site has been accused of being a scam and/or basically a honeypot. See Pirate dot London and this report in The Mirror, especially if you’re thinking of contacting the site. DataBreaches.net does not have the resources to research the site or the claims. Could it have been a fake data dump created by law enforcement to make the site look like it was cooperating with law enforcement? Yes. Was it? I have no idea.