The infamous LockBit ransomware group has suffered a serious data breach. Hackers defaced the group's dark web site, replacing it with a message that read
“Don’t do crime. CRIME IS BAD xoxo from Prague” and a link to a leaked SQL database dump.

The leaked database contains sensitive information from LockBit’s affiliate panel, including:

  • 59,975 unique Bitcoin addresses
  • Negotiation chats with ransomware victims (over 4,000 messages)
  • Names of targeted companies
  • Affiliate details, including plaintext passwords like Weekendlover69 and Lockbitproud231

The leak, first spotted by a threat actor named Rey, likely occurred around April 29, 2025, based on timestamps in the database.

LockBit’s operator confirmed the breach but claimed that no private keys were exposed. The use of PHP 8.1.2, which has a known vulnerability (CVE-2024-4577), might have allowed the hackers to access the server remotely.
