Breaches

3.1 Million Armenian Citizens' Data Allegedly for Sale on Dark Web

Zero Day Wire

13 Jan 2026 — 1 min read

A threat actor using the alias "datsell_alld" claims to be selling a database containing approximately 3.1 million records of Armenian citizens on a dark web forum.

With Armenia's population estimated at just over 3 million, the claimed size suggests this could represent a near-complete national dataset.

What's Allegedly Exposed

The dataset reportedly includes:

Social Security Numbers (SSN)
Passport numbers
Full names (first, last, and patronymic)
Dates of birth
Document issuance or registration dates
Full residential addresses

Sample data has allegedly been provided to potential buyers to demonstrate authenticity.

Why This Matters

If legitimate, this breach would be one of the most significant data exposures in Armenia's history. Core identity data like SSNs and passport numbers cannot be easily changed, creating long-term risks including:

Identity theft and financial fraud
Document forgery and passport abuse
Targeted phishing and social engineering campaigns

The listing was posted by a relatively new forum account, which may indicate either a newly established actor or an attempt to minimize traceability.

Official Response

Armenian authorities have not publicly commented on the alleged breach. The original source of the data - whether government systems, a third-party contractor, or aggregated legacy databases - remains unknown.

PayPal Confirms Six-Month Data Exposure After Loan System Code Error Leaked Social Security Numbers

PayPal has confirmed a data exposure incident affecting its Working Capital (PPWC) business loan service, where a software code change left sensitive customer information accessible for nearly six months before being detected. The exposure ran from 1 July 2025 to 12 December 2025, when the error was finally discovered and

AWS Reports 600+ FortiGate Firewalls Compromised in AI-Augmented Campaign by Russian-Speaking Cybercrime Group

A financially motivated Russian-speaking cybercrime group compromised more than 600 internet-exposed FortiGate firewalls across 55 countries in just over a month, using off-the-shelf generative AI tools to scale an operation that would traditionally require a well-resourced team, according to a new incident report from AWS. The campaign, which ran from

ClickFix Campaign Compromises Legitimate Sites to Deploy MIMICRAT — A Custom C++ RAT With 22 Post-Exploitation Commands

Elastic Security Labs has disclosed a new ClickFix campaign that leverages compromised legitimate websites as delivery infrastructure to deploy a previously undocumented remote access trojan dubbed MIMICRAT (also tracked as AstarionRAT). The campaign, discovered earlier this month, demonstrates significant operational sophistication — from multi-stage PowerShell chains that bypass Windows security controls

ShinyHunters Linked to Device Code Vishing Attacks Targeting Microsoft Entra Accounts via OAuth 2.0 Abuse

A new wave of attacks is combining voice phishing (vishing) with OAuth 2.0 device authorization abuse to compromise Microsoft Entra accounts at technology, manufacturing, and financial organizations — bypassing traditional phishing infrastructure entirely. Sources told BleepingComputer they believe the ShinyHunters extortion gang is behind the campaigns, which the threat actors

Read more

PayPal Confirms Six-Month Data Exposure After Loan System Code Error Leaked Social Security Numbers

AWS Reports 600+ FortiGate Firewalls Compromised in AI-Augmented Campaign by Russian-Speaking Cybercrime Group

ClickFix Campaign Compromises Legitimate Sites to Deploy MIMICRAT — A Custom C++ RAT With 22 Post-Exploitation Commands

ShinyHunters Linked to Device Code Vishing Attacks Targeting Microsoft Entra Accounts via OAuth 2.0 Abuse