Hackers Sell Access to Thousands of Italian Websites on Dark Web

Last updated: November 6, 2025
  • A dark web actor is selling access to over 526,000 Italian website backups and 6,500 MySQL databases.

  • The leaked data, offered for $1,000, appears to be from compromised shared hosting providers.

  • If this leak spreads, there could be many copycat websites, a surge in identity theft, and a whole lot of malware headaches.

Thousands of Italian Websites Compromised in Massive Dark Web Listing

Multiple Italian websites are facing a serious cyber threat. Thousands of online assets are potentially at risk.

A new listing on a dark web forum offers a massive data dump. (This type of illicit sale is common on the major dark web markets dominating the underground economy today.) It includes full access to servers and customer databases.

The Dark Web Offer

An established user on an underground forum posted a new thread. The user, nicknamed “010010”, has been active since 2018. Their post is titled “Italian hosting service sites – 9 more 40 servers – 526193 sites’ backup – 4631 hosting customers – 6546 MySQL db’s”.

The seller asks for $1,000 in USDT cryptocurrency. They promise to provide a huge 1.33 GB SQL dump. It contains 16 different files.

Published screenshots support the claim. They show full access to MySQL databases. A specific table named t_payservice_mysql was visible.

This table held cleartext usernames and passwords. The seller also promises to give out the “phpmyadmin mysql root password”. This suggests deep system-level access.

Seller Profile and Potential Origins

The seller’s nickname, “010010”, is a binary code. This hints at a technical background. Their forum account is not new. It has an established history and reputation.

An analysis of the provided screenshots offers clues. One image shows a file explorer window in the Turkish language, and the user profile path is C:UsersstaniDocumentshostingdatabase.

This points to a machine with a Turkish operating system. It also seems someone named “stanislav karacetin” or “stani” is involved. The file timestamps are all from October 14, 2025, which matches when the post was published.

The seller’s behavior is consistent with known threat actors. Their use of crypto payments and obfuscated contact details is common. Vendors from Eastern Europe often show this pattern.

Widespread Risks for Businesses

The true danger lies in the data’s content. The stolen information is not just raw files. It includes complete website backups and customer account details.

This data can be weaponized in several ways. Attackers can use it for digital identity theft. They can create perfect clones of legitimate business websites.

Unauthorized access to the admin panel is a significant risk as well, allowing hackers to insert malicious code and infect thousands of sites. They could install backdoors or steal customer data.

Attackers can also use the compromised sites for further crimes. They can launch phishing campaigns from trusted domains. The low price tag is alarming.

It makes this vast trove of data accessible to many criminals. The Italian digital ecosystem now faces a serious and immediate threat. Hosting providers and their clients must act quickly to secure their systems.

From Reactive to Proactive: Essential Defense Strategies

The Italian hosting breach shows the cost of weak security. Businesses must learn from past failures. A reactive stance is no longer enough. The whole point here is to make it as hard as possible for anyone trying to hack you.

The first step? Multi-Factor Authentication (MFA). Turn it on everywhere, no exceptions, especially for admin panels that face the internet and are low-hanging fruit for attackers. A password alone is not enough. MFA requires a second verification step.

This could be a code from an app or a physical security key. Following phishing-related breaches, Google made MFA mandatory for employees. They specifically used physical security keys.

Reports indicate that this move completely stopped phishing attacks on employee accounts. It’s one step that blocks a whole lot of unauthorized access attempts.

Another approach that works is the Principle of Least Privilege (PoLP) – people only get the access they really need. A support agent does not need full database admin rights.

This limits the “blast radius” if one account is compromised. A hacker cannot move laterally to steal everything. Regular access reviews ensure privileges are still appropriate.
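As an added example (not part of the original article), here is one way to run such an access review on a MySQL server: the script reads lines in the format printed by `SHOW GRANTS` and flags accounts that exceed least privilege. The sample grants are constructed, and the list of privileges treated as risky is an assumption to adapt to your environment.

```python
import re

# Assumption: privileges treated as server-wide control when granted on *.*
RISKY_GLOBAL = {"ALL PRIVILEGES", "SUPER", "FILE", "CREATE USER", "SHUTDOWN", "PROCESS"}

# Matches SHOW GRANTS output with backtick (8.x) or single-quote (5.7) quoting.
GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+"
    r"[`'](?P<user>[^`']*)[`']@[`'](?P<host>[^`']*)[`']"
    r"(?P<opt>\s+WITH GRANT OPTION)?\s*;?\s*$",
    re.IGNORECASE,
)

def review_grants(lines):
    """Return {account: [findings]} for accounts that exceed least privilege."""
    findings = {}
    for line in lines:
        m = GRANT_RE.match(line.strip())
        if not m:
            continue  # not a privilege grant (role grant, blank line, ...)
        account = f"{m['user']}@{m['host']}"
        privs = re.sub(r"\([^)]*\)", "", m["privs"])  # drop column lists
        privs = {p.strip().upper() for p in privs.split(",")}
        if privs == {"USAGE"}:
            continue  # USAGE means "no privileges"
        issues = []
        if m["scope"] == "*.*":
            issues += [f"global {p}" for p in sorted(privs & RISKY_GLOBAL)]
        if m["opt"]:
            issues.append("can re-grant its privileges (WITH GRANT OPTION)")
        if m["host"] == "%":
            issues.append("login allowed from any host (%)")
        if issues:
            findings.setdefault(account, []).extend(issues)
    return findings

# Constructed sample: an over-privileged root, a scoped support account,
# and a reporting account that was given FILE at global scope.
SAMPLE = """\
GRANT ALL PRIVILEGES ON *.* TO `root`@`%` WITH GRANT OPTION
GRANT USAGE ON *.* TO `support`@`localhost`
GRANT SELECT (id, subject, status) ON `helpdesk`.`tickets` TO `support`@`localhost`
GRANT SELECT, FILE ON *.* TO 'reports'@'10.0.0.%'
""".splitlines()

if __name__ == "__main__":
    for account, issues in review_grants(SAMPLE).items():
        print(account, "->", "; ".join(issues))
```

The `support` account, limited to three columns of one table, produces no findings, which is the shape a support agent's grant should have.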

Software must also be kept updated. So many hacks happen because someone forgot to update their stuff. Hackers like to target unpatched systems. Automate those updates if you can, and slam those doors shut before anyone, hacker or not, even thinks about poking around.

Unused services and ports should be closed. This reduces the number of ways an attacker can get in.

About the Author

Joahn G

Cyber Threat Journalist

Joahn is a cyber threat journalist dedicated to tracking the evolving landscape of digital risks. His reporting focuses on ransomware gangs, data breach incidents, and state-sponsored cyber operations. By analyzing threat actor motives and tactics, he provides timely intelligence that helps readers understand and anticipate the security challenges of tomorrow.
