Trending

ee-track">
Link copied!

Doxbin Data Leak: Sensitive Information Exposed Through Doxbin

This leak has impacted the general population and the Threat Actors, whose Personally Identifiable Information was revealed on Doxbin.

January 13, 2022 · 4 min read
Doxbin Data Leak: Sensitive Information Exposed Through Doxbin

On January 5, 2022, Cyble Research Lab discovered a Threat Actor (TA) who posted doxbin.com data on a cybercrime forum. Doxbin is a website used for leaking Personally Identifiable Information (PII), or “dox,” of any person of interest. The level of information gathered on a target varies from individual to individual. During our analysis of the data, we saw some DOX containing plain text passwords – a few had details such as name, email, location, occupation, etc.

Figure 1 shows the post by the TA on the cybercrime forum.

Post by the TA on the cybercrime forum on Doxbin
Figure 1: Post by TA on the forum

The TA claims that the data was initially posted on the Telegram channel of Doxbin. Upon further investigation, we found that TA named breachbase, also known as white, bought Doxbin for $75K. Still, after 2-3 months of acquisition, he sold it back to its previous owners kt & Brenton, and, along with that, leaked the doxbin data.

Figure 2 displays the Doxbin site.

Doxbin official site
Figure 2: Doxbin official site

The site recently started operating. As a result, a data leak notice was posted highlighting the incident exposing data of Doxbin users. Figure 2 showcases the recent data leak notice. The released statement pointed out that the leaked information refers to the Doxbin users accessing the site during the white/breachbase ownership. The leak includes information as follows:

  • Account email addresses
  • Bcrypt hashed passwords
  • Blacklist information
  • 2FA secret codes
  • Plaintext passwords
Recent Data Leak Notice on Doxbin site
Figure 3: Recent Data Leak Notice on Doxbin site

After breachbase acquired the site, it’s suspected that the TA started logging data of Doxbin users like IP and plain text passwords. The leaked data contains information on individuals who doxed and those who got doxed.

Leaked data contains the following information:

  • Name
  • Email
  • Contact Number
  • Profession
  • Family member Details
  • Age
  • Geo Location
  • IP address
  • Address
  • Aliases-Social media Handles
  • Gender
  • Date of Birth
  • Plain text passwords
  • Stealer Logs
  • National Identity Number
  • Chats

This leak has impacted the general population and the Threat Actors (TAs). In addition, we found a few doxed TAs whose PII was revealed on Doxbin. For example, figure 4 showcases the alleged PII of Omnipotent, the admin of a cybercrime forum RaidForums.

RaidForums admin details - Doxbin data leak
Figure 4: RaidForums admin details

Figure 5 shows the alleged details of TA named pompompurin, one of the TA’s with a high reputation score on RaidForums.

TA pompompurin details - Doxbin data leak
Figure 5: TA pompompurin details

Figures 6-9 contain sensitive records of a single Individual, and the data format is similar for other records.

Personal Information, Social Media Accounts - Doxbin data leak
Figure 6: Personal Information, Social Media Accounts
IP Details - Doxbin data leak
Figure 7: IP Details
Family Members and House Information - Doxbin data leak
Figure 8: Family Members and House Information
Chats - Doxbin data leak
Figure 9: Chats

Figure 10 shows a Social Security Number.

Social Security Number
Figure 10: Social Security Number

Figure 11 displays the details of the Doxbin users. The first record, ‘kt,’ belongs to the first owner of Doxbin.

Doxbin Users
Figure 11: Doxbin Users

Figure 12 shows the stealer logs. It appears that the victim was infected with a mercurial grabber.

Stealer Logs
Figure 12: Stealer Logs

The leaked data contains over 700K email addresses. Figure 12 displays the tentative count for the top 10 email domains exposed.

DomainNumber of leaked Emails
gmail.com245680
ic.fbi.gov72205
yahoo.com54014
hotmail.com42919
aol.com16020
velaw.com12645
outlook.com11894
protonmail.com6946
ICLOUD.COM6520
stud.etti.upb.ro5754
Table 1: Top 10 domains impacted in leak

Conclusion

This data leak on Doxbin has revealed a lot of sensitive information, and anyone can access it as data is freely available. Though there are details of individuals whose identities were doxed, the leak also contains details of individuals who doxed others. This leak can have impacts such as:

  • Doxed information also includes work-related details of an individual which might be exploited to carry to out phishing attacks.
  • The data leak includes login details and plain-text passwords of some victims, and Threat Actors can try to compromise those accounts.
  • We might witness malicious activities such as identity theft emerging from this leak.

Is your data — or your executives’ — already exposed on leak sites?”

Check Your Exposure

Our Recommendations

Following some essential cybersecurity best practices creates the first line of control against attackers. We recommend our readers follow the best practices as given below:  

  • ​Impacted individuals must reset their passwords.
  • Verify links received from untrusted sources before clicking them as TAs might attempt phishing.
  • Check your email accounts and other exposed accounts for compromise.
  • Use a reputed anti-virus and Internet security software package on your connected devices, including PC, laptop, and mobile.
  • Conduct regular backup practices and keep those backups offline or in a separate network.

AI Threat Intelligence

Stop Executive Threats
Before They Strike

Monitor dark web chatter, detect lookalike domains, and protect your C-suite from targeted impersonation — in real time, across 50+ countries.

Scroll to Top

Book your session

Request a Personalized Demo

See how Cyble's threat intelligence protects your organization. A specialist will reach out within one business day.

Select one or more options

Cyble protects your personal data to manage your account and deliver requested content. Submit your details to receive updates. Withdraw consent anytime. See our privacy policy for details.

Your information is encrypted and never shared.
SOC 2 Type II GDPR compliant Trusted by 1,000+ teams

Download the brochure

Get the Cyble Vision Brochure

Explore how Cyble Vision delivers AI-powered threat intelligence across your attack surface. Fill in your details to access the brochure.

Select one or more options

Cyble protects your personal data to manage your account and deliver requested content. Submit your details to receive updates. Withdraw consent anytime. See our privacy policy for details.

Your information is encrypted and never shared.
SOC 2 Type II GDPR compliant Trusted by 1,000+ teams