The Extortionist, Drake International Leak Data Insight

On the 8th January well known extortion hacker Rex Mundi @RexMundi_Anon announced an attack on Drake International ( In this attack Rex has demanded 50k to prevent the release of client information. Since then Drake has confirmed this attack, Toronto police have started an official investigation and Rex Mundi has announced yet another up coming leak today. Read more about this on Its not the first time Rex has made threats to leak further data if not paid and to actually carry out the leak as we have seen them do it in the past with company’s like CrediPet As normal the original data was removed from all file upload but i have since obtained a copy (it will not be released publicly) of the leaked data which is said to come from drake. > Our Drake International leak (1000’s of email/password combos!): — Rex Mundi (@RexMundi_Anon) January 12, 2013

The leak contains just over 20,000 rows of user credentials with ID, Date ,first names, last name, emails, passwords and contact phone numbers. I have run a process of this data over at and the emails from these accounts come from various country’s like australia, america, canada and more and total to 22,712. See full stats here Also rex has announced that another leak will be released shortly. > Details about the new Belgian Web server we hacked into will be posted in 2 hours time! Stay tuned! — Rex Mundi (@RexMundi_Anon) January 23, 2013

Copy’s of the press releases for Drake data leaks, all links in them are dead. Cache

Twitter: RexMundi_Anon Email: [email protected] Dear friends, foes and members of the media, Our name is Rex Mundi. We previously hacked into the Web servers of Belgian companies Dexia and AGO Interim and, respectively, American, Dutch and French companies AmeriCash Advance, and Credipret. Last week, we hacked into the server of Canadian multinational temp work company Drake International ( We gained access to over 300,000 confidential job applicant records, in addition to data related to the company’s clients. The data stored inside the website’s database relates to candidates located in Australia, New Zealand, the UK and Canada. We immediately contacted Drake International to offer them not to release the data in exchange of a mere $50,000 (fifty thousand US Dollars). So far, we have unfortunately not heard back from the nice folks over at Drake. Does this mean that they do not care about their clients and job applicants’ privacy? You be the judge. They have until the end of this week to pay us. If they fail to comply, their entire database will be posted on Pastebin and on various other websites. Sample data: JOB APPLICANTS ————– Let’s take a look at poor Mike Easter from Australia first. His email address is [email protected] and his password is "just4me" (not anymore!). He listed two references while applying for temp work: Lourdes Bonnici, who is Customer Service Manager at Coles Supermarket (Phone: 93983755) and Sister Helen Reed who is Principal at Mount Saint Joseph Girls College (Phone #: 93981555). Let’s move on to Adene Heinz now, who lives in beautiful New Zealand. Her email address is [email protected] and her password on the Drake Intl website is "fransdekoc". Her phone number is 0792681433. Bet you didn’t imagine Drake Intl would fail to secure its server, Adene! Finally, here comes Daniel Lacroix from Canada. His email address is [email protected] and his password is "samantha" (Girlfriend? Wife? Who knows…) Poor Daniel applied for a job (job ID 42671). First, things seemed to go well. The first message recorded in the Drake Intl DB reads: "Interview Friday 10AM," but then things took a turn for the worst. After the interview, the Drake Intl consultant recorded the following message: "too technical – would be bored." It can be tough getting temp work at Drake Intl! CLIENTS ——- One of Drake International’s clients is eHealth Ontario from, obviously, Canada. This company’s contact address is 777 Bay Street – Suite 701 and it is located in Toronto. Its phone number is 416-586-4141 and its login password on the Drake Intl website is "eagles18". The listed contact address is [email protected]


Dear clients and users of the Drake International website, You will, no doubt, be pleased to hear that your privacy is not even worth $50,000 to Drake. Let’s recap here for a second. Earlier this week, we contacted Drake International to warn them that a security flaw had been found on their Web server and that we would release sensitive data contained in their database if we did not receive $50,000. Our philosophy is simple: "You messed up, you need to own up to it and protect your customers." Apparently, Drake International disagreed since they did not reply to our emails. We then contacted Drake International again to warn them that some of the passwords contained in their database could also be used to access the email inboxes (GMail, Hotmail, etc…) of job applicants who had created an account on their website. We even provided an example by sending them the contents of the Hotmail inbox of a specific applicant. Still, no reply from Drake International. So, fellow hackers, feel free to use the contacts listed in the following leak and sell those addresses to spam lists, Or use the passwords to steal confidential information from those users’ email inboxes. Or steal their identities. Or access their online banking accounts. But, please, make sure to tell your victims that they were scammed simply because Drake International refused to own up to their own shortcomings. Maybe then will they understand that they should have complied. Leak address (.txt file): Rex Mundi

About the author: Lee J

Security Analyst, Developer, OSINT,

Comments are closed.