Doxbin Data Breach: Hackers leak 136,000+ user records, emails, and a ‘blacklist’ file, exposing those who paid to keep their info off the doxxing platform.
Doxbin, a notorious platform associated with doxxing and the exposure of personal information, has been compromised by a hacker group known as Tooda. The attack, which appears a long-time rivalry between different groups, has resulted in the deletion of user accounts, a loss of administrative control, and a leak of a massive user database.
What Happened?
As seen by Hackread.com, according to claims made by the group on its official website and now deleted Telegram channel, they breached Doxbin’s infrastructure, wiped out user accounts, locked out administrators, and exposed the personal details of individuals involved in running the platform. The attackers state that the move was in response to accusations against one of their members.
As part of their attack, Tooda has also released a database containing 136,814 IDs, usernames and email addresses belonging to Doxbin users. While Tooda claims full control over Doxbin’s backend they also leaked a file called “Doxbin Blacklist” which is a collection of people who have allegedly paid to not have their information posted on Doxbin.
Another list on the Tooda group’s website is titled “DoxBin Admin River aka Paula’s Dox,” which contains personal information allegedly belonging to a Doxbin administrator known as River, whose real name is apparently Paula. The file includes detailed personal data about this individual, along with a warning message instructing Paula to stay away from Doxbin.
"Paula and Operator you were both warned by us to stay away from the DoxBin community, even after you were extended an olive branch you decided to power trip and crash out for no reason.
Paula you could have just continued living your sad, worthless life collecting
your money from selling blacklists and gambling it away, all while you hang around
other worthless losers on Discord. If you have purchased a blacklist in the past
consider that money wasted, you will need to blame Paula for it being leaked, she
alone created this situation.
Your entire ego is built up by edating your ransomware affiliated boyfriend
Operator/Clark/ArkaT (Scattered Spider Member), and you're on a power trip because
he spent a third of his net re-purchasing doxbin under a new alias just to get
exposed and get your dox leaked in front of everyone. Sadly mass my reporting Telegram.
channels and slaving EDRs with hardline won't help you out of this situation.
You were given many opportunities to either leave or at the least not attempt (and
fail) to dox every person you had a slight disagreement with.
Take this as a warning, stop trying to dox innocent people, leave the DoxBin community or this will get worse."
-ToddaWhat Does This Mean for Doxbin Users?
For individuals who have used Doxbin, this breach can turn out to be a risky one. Even if usernames and email addresses are the only exposed information, they can still be cross-referenced with other leaks, allowing security researchers, rival hackers, or even law enforcement agencies to trace identities and uncover real-world connections.
At the time of writing, Doxbin was offline. The Doxbin breach goes on to show how even malicious platforms are exposed to rival attacks. For now, Doxbin users might find themselves in the same position they once put others, at risk of being exposed.