Dark Web Alert: Multiple Data Leaks Expose Source Code, PII, and Financial Records
This week, cybersecurity firm SOCRadar’s Dark Web Team uncovered a series of alleged data breaches and sales on underground forums, targeting enterprises and financial platforms. The incidents involve proprietary source code, customer personally identifiable information (PII), and credit card details, with threat actors actively monetizing the stolen data.
Axtria: Proprietary Source Code and AI Development Assets Exposed
A threat actor claimed responsibility for breaching Axtria, a global provider of cloud software and data analytics solutions. The leaked data, posted on a hacking forum, reportedly includes internal development repositories, with exposed components tied to:
- Sales performance and incentive management platforms
- Analytics and reporting modules
- Operational dashboards
- Generative AI and agent-based service frameworks
- Backend infrastructure, including containerized deployment configurations and database schemas
The breach suggests significant exposure of Axtria’s intellectual property and AI-driven product development.
Salesfloor: 4TB of Retail Client Data Allegedly Compromised
The hacking group LAPSUS$ claimed to have breached Salesfloor, a Canada-based SaaS provider specializing in clienteling and conversational AI for retail. The threat actor advertised a 1TB compressed (4TB uncompressed) dataset, allegedly containing:
- Full source code and development assets
- SQL databases and system logs
- Customer PII, including names, email addresses, phone numbers, and CRM identifiers
- User images and subscription-related data
The breach is positioned as affecting downstream retail clients, with the threat actor listing multiple well-known brands among the impacted parties.
Republic: 4.9 Million User Records Offered for Sale
A threat actor posted on a dark web forum, advertising the sale of an alleged Republic user database. The investment platform, which facilitates access to startups, real estate, and crypto assets, was reportedly compromised in late January 2026. The dataset, containing 4,942,704 records, includes:
- Email addresses
- Full names
- Physical addresses (city, state, postal code, country)
- Phone numbers
The seller referenced samples to support the claim and priced the database at a low cost.
1,000 Credit Cards from Multiple Regions Auctioned
A separate dark web listing advertised the sale of 1,000 credit cards from the U.S., U.K., Europe, and Asia. The cards, offered in full format, are claimed to have a 60% validity rate. The auction-style sale includes:
- Starting price: $1,000
- Minimum bid increment: $200
- Buyout option: $2,000
- Auction end date: February 28, 2026
The incidents highlight ongoing risks of intellectual property theft, large-scale PII exposure, and financial fraud in underground markets.
Source: https://socradar.io/blog/axtria-salesfloor-data-leaks-dark-web/
Axtria - Ingenious Insights cybersecurity rating report: https://www.rankiteo.com/company/axtria
"id": "AXT1769519907",
"linkid": "axtria",
"type": "Breach",
"date": "1/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"