Severity: High (Unverified)

SocRadar Cybersecurity Firm Alleged in Massive 332M Email Scrape

Unverified dark web claim. This report is based on a post observed on a dark web forum. Yazoul Security has not independently verified the authenticity of this claim.

Leak Site Screenshot

[Figure: leak site post claiming a SocRadar data breach. Screenshot captured at time of discovery; sensitive data has been redacted.]

Claim Summary

An actor using the alias “Dominatrix” has posted on a dark web forum, claiming to have leaked a database allegedly associated with the cybersecurity firm SocRadar. The post, dated August 3, 2024, and later modified in November, purports to offer a download containing over 332 million rows of email addresses. The actor claims the data was compiled from publicly available sources using the platform’s standard tools, rather than from a direct security breach of SocRadar’s internal systems. The post includes a file hash and size details, framing the leak as a free download for forum members.

What Is Allegedly Exposed

According to the unverified claim, the sole data type exposed is email addresses. The threat actor states the dataset contains 332 million rows, which they allege were scraped from public sources accessible via SocRadar’s platform. They specify that this translates to approximately 282 million unique email addresses in a valid format. The post provides technical details, including an MD5 hash (4718C4B0ACCBA027D1AC8E1957E9D832) and notes the uncompressed data is roughly 14.69 GB. Crucially, the actor’s own description references an investigation that concluded the data was gathered using standard, public-facing functionalities, not through a compromise of SocRadar’s secure systems or customer data.

Threat Actor Profile

The post is authored by “Dominatrix” and also credits another alias, “USDoD.” The reputation and history of these specific aliases are not immediately clear from this claim, which is a red flag for credibility. The post’s modification by an “Automation” account and its movement to an “official” section of the forum could suggest some level of curation by forum administrators, but this does not validate the underlying claim. The lack of a long-established, reputable threat actor name associated with such a large dataset warrants significant skepticism.

Potential Impact

If the claims are true, the exposure of hundreds of millions of email addresses could lead to a significant increase in targeted phishing campaigns, spam, and credential stuffing attacks. However, the alleged nature of the data collection, described as scraping of public sources, fundamentally alters the risk profile. The potential impact on SocRadar itself appears limited if their internal systems were not breached, though the association of their name with a mass data leak could cause reputational damage. For individuals, the primary risk would be an influx of unsolicited emails, though the data purportedly lacks more sensitive accompanying information such as passwords or financial details.

What to Watch For

  • Verification Efforts: Monitor for any official statement from SocRadar regarding these allegations. Also, watch for other threat intelligence vendors or researchers who may attempt to validate the dataset’s contents and true origin.
  • Data Usage: Observe underground forums and markets for mentions of this specific dataset being used in phishing kits or spam campaigns, which could serve as indirect validation of its existence.
  • Actor Activity: Note if the aliases “Dominatrix” or “USDoD” are linked to other data leaks or claims, which could help assess their credibility.
  • Exaggeration Red Flags: The enormous volume of records (332M) with a relatively small file size for just emails (14.69 GB) is plausible but should be scrutinized. The claim’s credibility hinges entirely on unverified forum posts without accompanying sample data for public review.
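The plausibility check in the last bullet can be made concrete. The following is an added example, not code from the report or from SocRadar: it computes the average row length implied by the posted figures and profiles a dump (MD5, row count, unique valid-format addresses) so the measured values can be compared with what the actor claims. The claimed figures are the ones quoted in the post; the sample rows are constructed, and the post does not say whether "GB" means decimal or binary gigabytes, so decimal is assumed.

```python
import hashlib
import re

# Figures quoted in the forum post (taken from the report above). The post
# says "GB"; decimal gigabytes are assumed here.
CLAIMED = {
    "md5": "4718c4b0accba027d1ac8e1957e9d832",
    "rows": 332_000_000,
    "unique_valid": 282_000_000,
    "size_bytes": 14_690_000_000,
}

# Loose shape check only: one '@', a dot in the domain part, no whitespace.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

# Constructed sample rows, not data from the leak post.
SAMPLE_LINES = [
    b"alice@example.com\n",
    b"Alice@Example.com\n",  # same address after case folding
    b"bob@example.org\n",
    b"not-an-email\n",       # fails the format check
    b"carol@example.net\n",
]

def bytes_per_row(size_bytes, rows):
    """Average row length (newline included) implied by the claimed figures."""
    return size_bytes / rows

def profile_lines(lines):
    """Single pass over newline-terminated byte rows (a list or an open
    binary file): MD5 of the stream, row count, unique valid-format addresses.
    The set is fine for a sample; a full-size dump needs an external sort."""
    md5, rows, unique = hashlib.md5(), 0, set()
    for line in lines:
        md5.update(line)
        rows += 1
        addr = line.strip().decode("utf-8", "replace").lower()
        if EMAIL_RE.match(addr):
            unique.add(addr)
    return {"md5": md5.hexdigest(), "rows": rows, "unique_valid": len(unique)}

def mismatches(profile, claimed=CLAIMED):
    """Names of the claimed figures that the measured profile does not match."""
    return [k for k in ("md5", "rows", "unique_valid") if profile[k] != claimed[k]]

if __name__ == "__main__":
    print(f"{bytes_per_row(CLAIMED['size_bytes'], CLAIMED['rows']):.1f} bytes/row")
    print(profile_lines(SAMPLE_LINES), mismatches(profile_lines(SAMPLE_LINES)))
```

For a file on disk, pass `open(path, "rb")` to `profile_lines`; a sample that matches the posted MD5 but not the row or unique counts would itself be a red flag worth noting.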

Disclaimer

This report details an unverified claim from a dark web forum. The allegations presented here have not been independently confirmed by Yazoul Security or, based on the post’s own text, by the targeted organization. The data is purported to be from public sources, not a direct security breach. All details, including the scale of the data, the involved actors, and the method of collection, are based solely on the threat actor’s statements and should be treated with caution until corroborated by reliable evidence.
