-
In a recent development, a threat actor with the pseudonym 888 has allegedly published about the data hack of Teknobuilt, claiming that the hack occurred in October 2025.
-
888 also published the source code of the UK-based tech giant on DarkForums.
-
A risk of this kind could damage partnerships and trust for Teknobuilt globally.
A threat actor has taken to the dark web, claiming to be responsible for a recent data breach of a United Kingdom-based tech giant, Teknobuilt. According to the thread posted on DarkForums on Wednesday, 15th October 2025, 888 welcomed other attackers to download Teknobuilt’s source code, which was uploaded on DarkForums.
Teknobuilt is a notable company, known for its efforts in the construction, virtual infrastructure, and energy industries.
The firm partners with various notable legal entities, including Oracle, the University of Alberta, the American University in Cairo, and McKinsey & Company. For Oracle, it offers AI-driven and cloud-based solutions for project management and engineering.
888 Publishes Teknobuilt Source Code
According to 888’s forum thread, the threat actor claims to have leaked Teknobuilt’s source code and even uploaded it to the online dark web platform. Allegedly, the exposed data also included internal Git repository information, which may disclose commit history, branch titles like ‘feature’, ‘hotfix’, and ‘bugfix’. In addition to the repos, backend systems, API endpoints, and settings for variable database drivers like PostgreSQL, MySQL, and SQLite.
Third-party service APIs and vendor libraries for its partners, such as Authorize.NET, AWS, and Stripe, and various Omnipay payment portals.
According to the post, the attacker included a huge Teknobuilt banner with its company description, stating that the data breach took place in October 2025.
It is worth noting that 888 did not try to sell the exposed data; instead, the hacker published it publicly to boost reputation and visibility. The attacker also didn’t mention any ransomware element or financial demand from its victim.
888 first came on Dark Forums in October 2024, and since then, it has targeted entities across the United States, Vietnam, India, Brazil, Malaysia, and the United Kingdom. Some of its victims include US-based firm Credera, Kiple—a software development firm in Malaysia, and other unidentified firms.
Data breaches, leaks, and hacks usually include ransomware, extortion, malware, identity theft, and account takeovers and makeovers. Attackers usually take over accounts by exploiting reused or easily guessed passwords or by accessing customer details exposed in data leaks. These are usually the result of data hacks and data breaches.
Netizens React
Netizens on DarkForums received the news of the Teknobuilt source code leak with excitement. A user with the moniker “Tropicalmintyy” commented on the thread, stating that they were “looking forward to seeing what’s inside,” talking about the source code. Another user, LeakER313, commented that it was a “Niice leakkk.”
What Could This Mean for Teknobuilt?
An attack of this scale can damage Teknobuilt’s reputation, affecting its relationship with clients and key partners like Oracle. By the release of Teknobuilt’s source code, other threat actors can locate additional vulnerabilities in the firm’s internal production systems. The firm’s trade secrets and intellectual property can be at risk of compromise.
The Teknobuilt cyberattack is one of the recent high-profile source code leaks on DarkForums. This underscores how threat actors such as ‘888’ target tech firms for reputation-driven exposures. Should this claim be authentic, it could expose Teknobuilt’s proprietary structures, impacting both its mainstream customers and internal operations.
